PT-2025-48155

Name of the Vulnerable Software and Affected Versions OpenCode Systems USSD Gateway OC Release:5 version 6.13.11 Description A flaw exists in access control within the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5. This allows attackers with limited privileges to acces...

OpenCode USSD Gateway 安全漏洞

OpenCode USSD Gateway is an OpenCode open source gateway software for processing and managing USSD messages. A security vulnerability exists in OpenCode USSD Gateway version 6.13.11, which stems from an SQL injection in the ID parameter of the getSubUsersByProvider function...

CVE-2025-65239

CVE-2025-65239 affects OpenCode Systems USSD Gateway OC Release:5 (version 6.13.11). The /aux1/ocussd/trace endpoint has incorrect access control, enabling attackers with low privileges to read server logs. Reported CVSSv3.1 base score is 4.3 (MEDIUM), with network access, low privileges required...

CVE-2025-65238

Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and access sensitive information...

CVE-2025-65239

Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs...

OpenCode USSD Gateway 安全漏洞

OpenCode USSD Gateway is an OpenCode open source gateway software for processing and managing USSD messages. A security vulnerability exists in OpenCode USSD Gateway that stems from improper access control in the getSubUsersByProvider function, which could allow a low-privileged attacker to dump...

OpenCode USSD Gateway 安全漏洞

OpenCode USSD Gateway is an OpenCode open source gateway software for processing and managing USSD messages. A security vulnerability exists in OpenCode USSD Gateway that originates from an SQL injection in the Session ID parameter in /occontrolpanel/index.php...

CVE-2025-65235

OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function...

CVE-2025-65237

A reflected cross-site scripted XSS vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload...

CVE-2025-65235

CVE-2025-65235 affects OpenCode Systems USSD Gateway OC Release: 5, Version 6.13.11, with a SQL injection in the ID parameter of the getSubUsersByProvider function. Connected sources (Red Hat, EU ENISA, NVD/CVE records, CNNVD) corroborate a SQL injection vulnerability in this release. The CVSSv3....

PT-2025-48157

OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function...

EUVD-2024-52777

Malicious code in bioql PyPI...

CVE-2024-55494

A PHP Code Injection vulnerability that can lead to Remote Code Execution RCE and XSS in Opencode Mobile Collect Call v5.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the opfunc parameter at /occontrolpanel/index.php...

CVE-2024-55494

A PHP Code Injection vulnerability that can lead to Remote Code Execution RCE and XSS in Opencode Mobile Collect Call v5.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the opfunc parameter at /occontrolpanel/index.php...

PT-2025-3120 · Opencode · Opencode Mobile Collect Call

Name of the Vulnerable Software and Affected Versions: Opencode Mobile Collect Call version 5.4.7 Description: The issue allows attackers to execute arbitrary web scripts or HTML, potentially leading to Remote Code Execution RCE and cross-site scripting XSS. This can be achieved by injecting a...

CVE-2024-55494

CVE-2024-55494 affects Opencode Mobile Collect Call v5.4.7. A PHP Code Injection vulnerability allows an attacker to inject code via a crafted payload into the op_func parameter at /occontrolpanel/index.php, enabling potential Remote Code Execution and XSS. The issue is documented across multiple...

CVE-2024-55494

A PHP Code Injection vulnerability that can lead to Remote Code Execution RCE and XSS in Opencode Mobile Collect Call v5.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the opfunc parameter at /occontrolpanel/index.php...

Opencode Mobile Collect Call 安全漏洞

Opencode Mobile Collect Call is a mobile payphone solution from Opencode. A security vulnerability exists in Opencode Mobile Collect Call version v5.4.7. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload injected into the opfunc...

CVE-2024-55494

A PHP Code Injection vulnerability that can lead to Remote Code Execution RCE and XSS in Opencode Mobile Collect Call v5.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the opfunc parameter at /occontrolpanel/index.php...