28 matches found
ResourceSpace - Local File inclusion
ResourceSpace is prone to a local file-inclusion vulnerability because it fails to sufficiently sanitize user-supplied input. id: CVE-2015-3648 info: name: ResourceSpace - Local File inclusion author: pikpikcu severity: high description: ResourceSpace is prone to a local file-inclusion...
CVE-2022-31260
In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value...
EUVD-2015-6851
Malware in sbrugna...
CVE-2015-6915
SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the "user" cookie to plugins/feedback/pages/feedback.php...
BIT-RESOURCESPACE-2022-31260
In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value...
Montala Limited ResourceSpace Arbitrary File Deletion (CVE-2021-41950)
An arbitrary file deletion vulnerability exists in ResourceSpace by Montala Limited. The vulnerability is due to unsanitized parameters used in the titles.php page...
CVE-2022-31260
In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value...
Design/Logic Flaw
In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value...
CVE-2022-31260
ResourceSpace CVE-2022-31260 affects Montala ResourceSpace up to version 9.8 prior to r19636. The flaw is in csv_export_results_metadata.php, where an attacker can export collection metadata by providing a non-NULL k value. Impact: unauthorized access to metadata. Mitigation: upgrade to the fixed...
CVE-2022-31260
In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value...
PT-2022-20648 · Montala · Resourcespace
Name of the Vulnerable Software and Affected Versions: Montala ResourceSpace versions prior to r19636 Description: The issue allows attackers to export collection metadata via a non-NULL k value in the csv_export_results_metadata.php file. Recommendations: For versions prior to r19636, update to ...
Montala Limited ResourceSpace SQL Injection Vulnerability
Montala Limited ResourceSpace is a suite of open source digital asset management software from Montala UK. A SQL injection vulnerability exists in Montala Limited ResourceSpace 7.3.7009 and earlier versions, which can be exploited by remote attackers to execute arbitrary SQL commands...
CVE-2015-6915
SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the "user" cookie to plugins/feedback/pages/feedback.php...
SQL injection
SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the "user" cookie to plugins/feedback/pages/feedback.php...
CVE-2015-6915
The CVE-2015-6915 entry concerns Montala Limited ResourceSpace (open source DAM) version 7.3.7009 and earlier. The vulnerability is a SQL injection in the plugins/feedback/pages/feedback.php handler, exploitable via the "user" cookie. This is a server-side issue that allows remote attackers...
ResourceSpace CMS 7.3.7009 SQL Injection Vulnerability
ResourceSpace CMS versions 7.3.7009 and below suffer from a remote SQL injection vulnerability. Title: Blind boolean sql injection vulnerability in ResourceSpace CMS Author: William F. Reyor III Contact: email protected Published: August 22 2015 Vendor: Montala Limited Vendor url:...
ResourceSpace CMS 7.3.7009 SQL Injection
Title: Blind boolean sql injection vulnerability in ResourceSpace CMS Author: William F. Reyor III Contact: [email protected] Published: August 22 2015 Vendor: Montala Limited Vendor url: www.resourcespace.org Software: ResourceSpace Digital Asset Management Software Versions: 7.3.7009 and pri...
CVE-2015-3648
Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter...
Directory traversal
Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter...
CVE-2015-3648
Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter...