42 matches found
EUVD-2008-5904
Malware in sbrugna...
EUVD-2018-6838
Malware in sbrugna...
EUVD-2008-5903
Malware in sbrugna...
EUVD-2018-6839
Malware in sbrugna...
EUVD-2018-7437
Malware in sbrugna...
CMS ISWEB SQL Injection Vulnerability
CMS ISWEB is a content management system CMS. A SQL injection vulnerability exists in CMS ISWEB version 3.5.3. A remote attacker can exploit this vulnerability to inject malicious query statements into the application and obtain sensitive information...
CMS ISWEB Path Traversal Vulnerability
CMS ISWEB is a content management system CMS. A directory traversal vulnerability exists in CMS ISWEB version 3.5.3. An attacker can exploit this vulnerability to download the config.php file and take control of the application...
CVE-2018-14956
CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information...
CVE-2018-14957
CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggettodocumenti/../.././inc/config.php one can take the control of the application because credentials are present in that config.php file...
CVE-2018-14956
CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information...
CVE-2018-14957
CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggettodocumenti/../.././inc/config.php one can take the control of the application because credentials are present in that config.php file...
Directory traversal
CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggettodocumenti/../.././inc/config.php one can take the control of the application because credentials are present in that config.php file...
Sql injection
CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information...
CVE-2018-14956
CVE-2018-14956 affects CMS ISWEB 3.5.3. The vulnerability is SQL injection in the web application, enabling a remote attacker to inject malicious queries and obtain sensitive information. The PacketStorm page provides a PoC and details indicating an attacker could access the entire database and p...
CVE-2018-14957
CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggettodocumenti/../.././inc/config.php one can take the control of the application because credentials are present in that config.php file...
CVE-2018-14956
CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information...
CVE-2018-14957
CVE-2018-14957 affects CMS ISWEB 3.5.3. The vulnerability is a directory traversal that enables local file download via moduli/downloadFile.php?file=oggetto_documenti/../.././inc/config.php, exposing credentials stored in config.php and enabling an attacker to take control of the application. Pub...
CMS ISWEB 3.5.3 SQL Injection
Description CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information. ------------------------------------------ Additional Information PoC Prints: https://imgur.com/a/buXJJKC ?id=1'...
CMS ISWEB Cross-Site Scripting Vulnerability
CMS ISWEB is a content management system CMS. A cross-site scripting vulnerability exists in the index.php file in CMS ISWEB version 3.5.3. A remote attacker can inject arbitrary web scripts or code with the help of the 'ordineRis', 'sezioneRicerca' or 'ogettiRicerca' parameter. parameter...
Code injection
CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or oggettiRicerca parameter to index.php...