9 matches found
CVE-2024-5409
RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in /admin/lib/phpthumb/phpthumb.php. An attacker could create a malicious URL and send it to a victim to obtain their session details...
CVE-2024-5408
Vulnerability in RhinOS 3.0-1190 consisting of an XSS through the "search" parameter of /portal/search.htm. This vulnerability could allow a remote attacker to steal details of a victim's user session by submitting a specially crafted URL...
CVE-2024-5407
A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure...
CVE-2018-18760
RhinOS 3.0 build 1190 allows CSRF...
CVE-2018-18760
RhinOS 3.0 build 1190 allows CSRF...
Cross-site request forgery (CSRF)
RhinOS 3.0 build 1190 allows CSRF...
CVE-2018-18760
CVE-2018-18760 affects RhinOS 3.0 build 1190 (RhinOS CMS 3.x). Connected sources describe a Cross-Site Request Forgery (CSRF) vulnerability that enables arbitrary file download through the web interface (e.g., download.php triggered with crafted parameters such as file/name/size/type). The explo...
CVE-2018-18760
RhinOS 3.0 build 1190 allows CSRF...
RhinOS 3.0 r1113 Local File Inclusion
Software: RhinOS 3.0 r1113. Vulnerability: Local File Inclusion. Threat Level: Critical 4/5. Download: http://www.saltos.net/portal/es/rhinos.htm. Release Date: 3/3/2011...