Lucene search
K

34 matches found

Cvelist
Cvelist
added 2024/04/12 1:50 p.m.17 views

CVE-2024-3705 Unrestricted Upload of File with Dangerous Type vulnerability in OpenGnsys

Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d Espeto. This vulnerability allows an attacker to send a POST request to the endpoint '/opengnsys/images/MIcons.php' modifying the file extension, due to lack of file extension verification, resulting in a webshell...

8.8CVSS9AI score0.00765EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/12 1:50 p.m.12 views

CVE-2024-3705 Unrestricted Upload of File with Dangerous Type vulnerability in OpenGnsys

Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d Espeto. This vulnerability allows an attacker to send a POST request to the endpoint '/opengnsys/images/MIcons.php' modifying the file extension, due to lack of file extension verification, resulting in a webshell...

8.8CVSS7.2AI score0.00765EPSS
Exploits0References2
CVE
CVE
added 2024/04/12 1:50 p.m.37 views

CVE-2024-3705

CVE-2024-3705 affects OpenGnsys 1.1.1d (Espeto). The flaw is an unrestricted file upload via POST to /opengnsys/images/M_Icons.php due to missing file-extension verification, enabling potential webshell injection with high impact (C:H/I:H/A:H). Documents confirm the vulnerable component and root ...

8.8CVSS7.1AI score0.00765EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/04/12 1:47 p.m.42 views

CVE-2024-3704

OpenGnsys

9.8CVSS7.6AI score0.00729EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/04/12 1:47 p.m.12 views

CVE-2024-3704 SQL Injection vulnerability in OpenGnsys

SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d Espeto. This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or even retrieve all the information stored in the database...

9.8CVSS9.8AI score0.00729EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/12 1:47 p.m.12 views

CVE-2024-3704 SQL Injection vulnerability in OpenGnsys

SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d Espeto. This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or even retrieve all the information stored in the database...

9.8CVSS7.7AI score0.00729EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/12 12:0 a.m.3 views

OpenGnsys 信息泄露漏洞

OpenGnsys is an open source computing device management software from the Spanish OpenGnsys project. An information disclosure vulnerability exists in OpenGnsys version 1.1.1d Espeto, which stems from the presence of an information exposure vulnerability that allows an attacker to view a php back...

7.5CVSS6.1AI score0.00518EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/12 12:0 a.m.4 views

OpenGnsys 安全漏洞

OpenGnsys is an open source computing device management software from the Spanish OpenGnsys project. A security vulnerability exists in OpenGnsys version 1.1.1d Espeto, which stems from the presence of an information exposure vulnerability that allows an attacker to enumerate all files in the Web...

5.3CVSS6.4AI score0.0046EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/12 12:0 a.m.4 views

OpenGnsys 代码问题漏洞

OpenGnsys is an open source computing device management software from the Spanish OpenGnsys project. A code issue vulnerability exists in OpenGnsys version 1.1.1d Espeto, which stems from an unlimited file upload vulnerability that allows an attacker to send a POST request to modify a file...

8.8CVSS7.1AI score0.00765EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/12 12:0 a.m.6 views

PT-2024-27275 · Opengnsys · Opengnsys

Name of the Vulnerable Software and Affected Versions: OpenGnsys version 1.1.1d Espeto Description: The issue allows an attacker to view a php backup file, specifically controlaccess.php-LAST, where database credentials are stored. This is an information exposure vulnerability. Recommendations: F...

5.9CVSS7AI score0.00518EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/04/12 12:0 a.m.6 views

PT-2024-27265 · Opengnsys · Opengnsys

Name of the Vulnerable Software and Affected Versions: OpenGnsys version 1.1.1d Espeto Description: The issue allows an attacker to send a POST request to the endpoint '/opengnsys/images/M Icons.php' and modify the file extension due to a lack of file extension verification. This results in a...

8.8CVSS7.3AI score0.00765EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/04/12 12:0 a.m.4 views

PT-2024-27284 · Opengnsys · Opengnsys

Name of the Vulnerable Software and Affected Versions: OpenGnsys version 1.1.1d Espeto Description: The issue allows an attacker to enumerate all files in the web tree by accessing a php file. This is an information exposure vulnerability. Recommendations: For OpenGnsys version 1.1.1d Espeto,...

5.3CVSS6.9AI score0.0046EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/04/12 12:0 a.m.10 views

PT-2024-27255 · Espeto · Opengnsys

Name of the Vulnerable Software and Affected Versions: OpenGnsys version 1.1.1d Espeto Description: A SQL Injection issue has been discovered, allowing an attacker to inject malicious SQL code into the login page. This could enable the attacker to bypass the login or retrieve all the information...

9.8CVSS8.1AI score0.00729EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/04/12 12:0 a.m.7 views

OpenGnsys SQL注入漏洞

OpenGnsys is an open source computing device management software from the Spanish OpenGnsys project. A SQL injection vulnerability exists in OpenGnsys version 1.1.1d Espeto, which stems from the presence of a SQL injection vulnerability that allows an attacker to inject malicious SQL code into th...

9.8CVSS7.7AI score0.00729EPSS
Exploits0References2
Rows per page
Query Builder