19 matches found
OpenCode Systems OC Messaging / USSD Gateway OC 安全漏洞
OpenCode Systems OC Messaging/USSD Gateway OC is a telecommunications operator messaging gateway system developed by OpenCode Company in the UK. Version 6.32.2 of OpenCode Systems OC Messaging/USSD Gateway OC contains a security vulnerability. This vulnerability stems from access control flaws in...
CVE-2025-65238
Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and access sensitive information...
CVE-2025-65235
OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function...
CVE-2025-65237
A reflected cross-site scripted XSS vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload...
EUVD-2025-199725
Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs...
EUVD-2025-199722
A reflected cross-site scripted XSS vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload...
EUVD-2025-199721
OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint...
CVE-2025-65238
Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and access sensitive information...
CVE-2025-65239
Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs...
CVE-2025-65236
OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint...
CVE-2025-65236
OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint...
CVE-2025-65236
CVE-2025-65236 affects OpenCode Systems USSD Gateway OC Release 5. The issue is a SQL injection via the Session ID parameter in the endpoint /occontrolpanel/index.php . CVSS v3.1 base score is 9.8 (CRITICAL) with network attack vector, no user interaction, and no privileges required; impacts incl...
CVE-2025-65238
OpenCode Systems USSD Gateway OC is affected by CVE-2025-65238. The issue is an incorrect access control in the getSubUsersByProvider function, in OC Release 5 Version 6.13.11, which could allow attackers with low privileges to dump user records and access sensitive information. The available con...
PT-2025-48155
Name of the Vulnerable Software and Affected Versions OpenCode Systems USSD Gateway OC Release:5 version 6.13.11 Description A flaw exists in access control within the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5. This allows attackers with limited privileges to acces...
PT-2025-48158
OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint...
CVE-2025-65239
Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs...
CVE-2025-65235
OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function...
CVE-2025-65235
CVE-2025-65235 affects OpenCode Systems USSD Gateway OC Release: 5, Version 6.13.11, with a SQL injection in the ID parameter of the getSubUsersByProvider function. Connected sources (Red Hat, EU ENISA, NVD/CVE records, CNNVD) corroborate a SQL injection vulnerability in this release. The CVSSv3....
PT-2025-48157
OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function...