4 matches found
EUVD-2021-30121
Malicious code in bioql PyPI...
CVE-2021-43175
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. Vulnerable versions of GOautodial validate the username and password incorrectly,...
CVE-2021-43176
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 takes a user-supplied “action” parameter and appends a .php file extension to locate and load the correct PHP file to implement the API call. Vulnerable versions of GOautodial do not sanitize the user input that specifies the...
CVE-2021-43175
Summary (technical): GOautodial API before commit 3c3a979 (Oct 13, 2021) exposes a router that takes username, password, and an action to dispatch to PHP files. In vulnerable versions, credentials are not validated properly, letting callers specify arbitrary values and authenticate. Separate but ...