34 matches found
CVE-2024-3705 Unrestricted Upload of File with Dangerous Type vulnerability in OpenGnsys
Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d Espeto. This vulnerability allows an attacker to send a POST request to the endpoint '/opengnsys/images/MIcons.php' modifying the file extension, due to lack of file extension verification, resulting in a webshell...
CVE-2024-3705 Unrestricted Upload of File with Dangerous Type vulnerability in OpenGnsys
Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d Espeto. This vulnerability allows an attacker to send a POST request to the endpoint '/opengnsys/images/MIcons.php' modifying the file extension, due to lack of file extension verification, resulting in a webshell...
CVE-2024-3705
CVE-2024-3705 affects OpenGnsys 1.1.1d (Espeto). The flaw is an unrestricted file upload via POST to /opengnsys/images/M_Icons.php due to missing file-extension verification, enabling potential webshell injection with high impact (C:H/I:H/A:H). Documents confirm the vulnerable component and root ...
CVE-2024-3704
OpenGnsys
CVE-2024-3704 SQL Injection vulnerability in OpenGnsys
SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d Espeto. This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or even retrieve all the information stored in the database...
CVE-2024-3704 SQL Injection vulnerability in OpenGnsys
SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d Espeto. This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or even retrieve all the information stored in the database...
OpenGnsys 信息泄露漏洞
OpenGnsys is an open source computing device management software from the Spanish OpenGnsys project. An information disclosure vulnerability exists in OpenGnsys version 1.1.1d Espeto, which stems from the presence of an information exposure vulnerability that allows an attacker to view a php back...
OpenGnsys 安全漏洞
OpenGnsys is an open source computing device management software from the Spanish OpenGnsys project. A security vulnerability exists in OpenGnsys version 1.1.1d Espeto, which stems from the presence of an information exposure vulnerability that allows an attacker to enumerate all files in the Web...
OpenGnsys 代码问题漏洞
OpenGnsys is an open source computing device management software from the Spanish OpenGnsys project. A code issue vulnerability exists in OpenGnsys version 1.1.1d Espeto, which stems from an unlimited file upload vulnerability that allows an attacker to send a POST request to modify a file...
PT-2024-27275 · Opengnsys · Opengnsys
Name of the Vulnerable Software and Affected Versions: OpenGnsys version 1.1.1d Espeto Description: The issue allows an attacker to view a php backup file, specifically controlaccess.php-LAST, where database credentials are stored. This is an information exposure vulnerability. Recommendations: F...
PT-2024-27265 · Opengnsys · Opengnsys
Name of the Vulnerable Software and Affected Versions: OpenGnsys version 1.1.1d Espeto Description: The issue allows an attacker to send a POST request to the endpoint '/opengnsys/images/M Icons.php' and modify the file extension due to a lack of file extension verification. This results in a...
PT-2024-27284 · Opengnsys · Opengnsys
Name of the Vulnerable Software and Affected Versions: OpenGnsys version 1.1.1d Espeto Description: The issue allows an attacker to enumerate all files in the web tree by accessing a php file. This is an information exposure vulnerability. Recommendations: For OpenGnsys version 1.1.1d Espeto,...
PT-2024-27255 · Espeto · Opengnsys
Name of the Vulnerable Software and Affected Versions: OpenGnsys version 1.1.1d Espeto Description: A SQL Injection issue has been discovered, allowing an attacker to inject malicious SQL code into the login page. This could enable the attacker to bypass the login or retrieve all the information...
OpenGnsys SQL注入漏洞
OpenGnsys is an open source computing device management software from the Spanish OpenGnsys project. A SQL injection vulnerability exists in OpenGnsys version 1.1.1d Espeto, which stems from the presence of a SQL injection vulnerability that allows an attacker to inject malicious SQL code into th...