17 matches found
CVE-2021-27341
OpenSIS Community Edition version = 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" parameter...
EUVD-2020-27290
Malware in sbrugna...
EUVD-2021-14101
Malware in sbrugna...
CVE-2020-6136
An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2023-38879
The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'...
CVE-2023-38879
The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'...
CVE-2023-38879
The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'...
OpenSIS Community Edition Local File Inclusion Vulnerability
OpenSIS is the community edition of an open source enterprise content management system from Alfresco Software, Inc. The system includes document management, office collaboration and other features. openSIS Community Edition in versions prior to 7.6 there is a local file inclusion vulnerability,...
CVE-2021-27341
OpenSIS Community Edition version = 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" parameter...
Design/Logic Flaw
OpenSIS Community Edition version = 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" parameter...
CVE-2021-27341
OpenSIS Community Edition
CVE-2021-27341
OpenSIS Community Edition version = 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" parameter...
CVE-2020-6136
An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2020-6136
An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Sql injection
An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2020-6136
An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...
OS4Ed openSIS DownloadWindow.php SQL injection vulnerability
Summary An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3...