9 matches found
EUVD-2019-6685
Malware in sbrugna...
CVE-2019-15746
SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user...
CVE-2019-15751
An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenticated attacker to upload a malicious file containing PHP code to execute operating system commands...
Cross site scripting
A Cross-Site Scripting XSS vulnerability in the blog function in SITOS six Build v6.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter...
Default credentials
SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access to the victim's account e.g., via XSS or an unattended workstation to change that password and...
CVE-2019-15751
An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenticated attacker to upload a malicious file containing PHP code to execute operating system commands...
CVE-2019-15750
A Cross-Site Scripting XSS vulnerability in the blog function in SITOS six Build v6.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter...
CVE-2019-15749
SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access to the victim's account e.g., via XSS or an unattended workstation to change that password and...
CVE-2019-15747
CVE-2019-15747 affects SITOS six Build v6.2.1. A user with the Seminar Coordinator role can escalate to System Administrator due to insufficient server-side access checks, enabling privilege escalation. CVSS data in the records shows a high impact (CVSS‑3.1 base score 8.8) but no exploit details ...