bumsys security vulnerability
bumsys is an open source project called Business Management System, maintained by the individual developer unilogies. A security vulnerability exists in versions of bumsys prior to 2.2.0, which originates from an externally controlled file name or path...
CVE-2023-2551 PHP Remote File Inclusion in unilogies/bumsys
PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1...
PT-2023-20140 · Unilogies · Bumsys
Name of the Vulnerable Software and Affected Versions: unilogies/bumsys versions prior to 2.2.0 Description: The issue is related to Cross-site Scripting XSS - Stored, which occurs when an application receives input from a user and stores it, allowing an attacker to inject malicious scripts. This...
PT-2023-20148 · Bumsys · Bumsys
Name of the Vulnerable Software and Affected Versions: bumsys versions prior to 2.2.0 Description: The issue concerns external control of file name or path in the GitHub repository unilogies/bumsys. Recommendations: For versions prior to 2.2.0, update to version 2.2.0 or later to resolve the issu...
CVE-2023-2554
CVE-2023-2554 affects unilogies/bumsys prior to 2.2.0. The issue is External Control of File Name or Path, enabling path traversal via user-supplied input used to build file paths in easyUpload, potentially allowing arbitrary file write. Public sources (NVD/Red Hat/Rust) rate severity as HIGH (CV...
CVE-2023-2554 External Control of File Name or Path in unilogies/bumsys
External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0...
CVE-2023-2551
CVE-2023-2551 affects the PHP-based Bumsys (unilogies/bumsys) with versions prior to 2.1.1. The vulnerability stems from an API endpoint that processes file paths and allows local files to be included, enabling remote code execution via crafted requests to the api route. The root cause is unsafe ...
CVE-2023-2552
CVE-2023-2552 describes a CSRF vulnerability in unilogies/bumsys prior to 2.1.1. Connected sources provide a PoC: an attacker can reach ajax.php via /accounts/ajax without a CSRF token, bypassing the check and potentially enabling unauthorized actions via a crafted request. The vulnerabil...
CVE-2023-2553
CVE-2023-2553 is a stored XSS in unilogies/bumsys prior to version 2.2.0. The vulnerability arises when user input (e.g., customerName) is stored and later rendered without proper escaping, enabling injected scripts as shown in PoC payloads (e.g., customerName containing ). Affected product: unil...
CVE-2023-2553 Cross-site Scripting (XSS) - Stored in unilogies/bumsys
Cross-site Scripting XSS - Stored in GitHub repository unilogies/bumsys prior to 2.2.0...
CVE-2023-2552 Cross-Site Request Forgery (CSRF) in unilogies/bumsys
Cross-Site Request Forgery CSRF in GitHub repository unilogies/bumsys prior to 2.1.1...
CVE-2023-1361
SQL Injection in GitHub repository unilogies/bumsys prior to v2.0.2...
SQL injection
SQL Injection in GitHub repository unilogies/bumsys prior to v2.0.2...
CVE-2023-1362 Improper Restriction of Rendered UI Layers or Frames in unilogies/bumsys
Improper Restriction of Rendered UI Layers or Frames in GitHub repository unilogies/bumsys prior to v2.0.2...
CVE-2023-1361 SQL Injection in unilogies/bumsys
SQL Injection in GitHub repository unilogies/bumsys prior to v2.0.2...
PT-2023-16928 · Unilogies · Bumsys
Name of the Vulnerable Software and Affected Versions: unilogies/bumsys versions prior to 2.0.2 Description: The issue is related to SQL Injection. Recommendations: For versions prior to 2.0.2, update to version 2.0.2 or later to resolve the issue...
PT-2023-16929 · Unilogies · Bumsys
Name of the Vulnerable Software and Affected Versions: unilogies/bumsys versions prior to 2.0.2 Description: The issue is related to improper restriction of rendered UI layers or frames. Recommendations: For versions prior to 2.0.2, update to version 2.0.2 or later to resolve the issue...