PT-2024-27237 · Espeto · Opengnsys

Name of the Vulnerable Software and Affected Versions: OpenGnsys version 1.1.1d Espeto Description: A SQL Injection issue has been discovered, allowing an attacker to inject malicious SQL code into the login page. This could enable the attacker to bypass the login or retrieve all the information...

CVE-2024-3707

Information exposure vulnerability in OpenGnsys affecting version 1.1.1d Espeto. This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file...

CVE-2024-3706

Information exposure vulnerability in OpenGnsys affecting version 1.1.1d Espeto. This vulnerability allows an attacker to view a php backup file controlaccess.php-LAST where database credentials are stored...

CVE-2024-3705

Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d Espeto. This vulnerability allows an attacker to send a POST request to the endpoint '/opengnsys/images/MIcons.php' modifying the file extension, due to lack of file extension verification, resulting in a webshell...

CVE-2024-3704

SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d Espeto. This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or even retrieve all the information stored in the database...

CVE-2024-3707

OpenGnsys version 1.1.1d (Espeto) is affected by CVE-2024-3707, an information exposure vulnerability in the web interface that allows an attacker to enumerate all files in the web tree by accessing a PHP file. The issue is described as a directory-listing / information disclosure flaw in OpenGns...

CVE-2024-3704 SQL Injection vulnerability in OpenGnsys

SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d Espeto. This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or even retrieve all the information stored in the database...

CVE-2024-3704

OpenGnsys

PT-2024-27284 · Opengnsys · Opengnsys

Name of the Vulnerable Software and Affected Versions: OpenGnsys version 1.1.1d Espeto Description: The issue allows an attacker to enumerate all files in the web tree by accessing a php file. This is an information exposure vulnerability. Recommendations: For OpenGnsys version 1.1.1d Espeto,...

OpenGnsys SQL注入漏洞

OpenGnsys is an open source computing device management software from the Spanish OpenGnsys project. A SQL injection vulnerability exists in OpenGnsys version 1.1.1d Espeto, which stems from the presence of a SQL injection vulnerability that allows an attacker to inject malicious SQL code into th...

PT-2024-27265 · Opengnsys · Opengnsys

Name of the Vulnerable Software and Affected Versions: OpenGnsys version 1.1.1d Espeto Description: The issue allows an attacker to send a POST request to the endpoint '/opengnsys/images/M Icons.php' and modify the file extension due to a lack of file extension verification. This results in a...

OpenGnsys 代码问题漏洞

OpenGnsys is an open source computing device management software from the Spanish OpenGnsys project. A code issue vulnerability exists in OpenGnsys version 1.1.1d Espeto, which stems from an unlimited file upload vulnerability that allows an attacker to send a POST request to modify a file...

OpenGnsys 信息泄露漏洞

OpenGnsys is an open source computing device management software from the Spanish OpenGnsys project. An information disclosure vulnerability exists in OpenGnsys version 1.1.1d Espeto, which stems from the presence of an information exposure vulnerability that allows an attacker to view a php back...