21 matches found
EUVD-2018-4990
Malware in sbrugna...
EUVD-2018-4989
Malware in sbrugna...
EUVD-2018-4988
Malware in sbrugna...
OpenSID Arbitrary File Upload Vulnerability
OpenSID is a village information management system developed by the SID community. An arbitrary file upload vulnerability exists in OpenSID version 18.06-pasca. An attacker can exploit this vulnerability to upload arbitrary PHP code with the help of an attached document in the article function...
OpenSID Cross-Site Request Forgery Vulnerability
OpenSID is a village information management system developed by the SID community. A cross-site request forgery vulnerability exists in index.php/manuser/insert URI in OpenSID version 18.06-pasca, which can be exploited by an attacker to add an administrator-level account...
OpenSID Cross-Site Scripting Vulnerability
OpenSID is a village information management system developed by the SID community. A cross-site scripting vulnerability exists in OpenSID version 18.06-pasca. A remote attacker can exploit this vulnerability to inject web script or HTML with the help of the 'cari' parameter i.e...
Unrestricted file upload
OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with the application/pdf Content-Type...
Cross site request forgery (csrf)
OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account at the admin level via the index.php/manuser/insert URI...
CVE-2018-13040
OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account at the admin level via the index.php/manuser/insert URI...
CVE-2018-13038
OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with the application/pdf Content-Type...
CVE-2018-13039
OpenSID 18.06-pasca has reflected Cross Site Scripting XSS via the cari parameter, aka an index.php/first?cari= URI...
CVE-2018-13038
OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with the application/pdf Content-Type...
Cross site scripting
OpenSID 18.06-pasca has reflected Cross Site Scripting XSS via the cari parameter, aka an index.php/first?cari= URI...
CVE-2018-13040
OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account at the admin level via the index.php/manuser/insert URI...
CVE-2018-13039
OpenSID 18.06-pasca has reflected Cross Site Scripting XSS via the cari parameter, aka an index.php/first?cari= URI...
CVE-2018-13040
OpenSID 18.06-pasca is affected by a CSRF vulnerability that can add an administrator-level account via the index.php/man_user/insert URI. The issue is described across multiple sources (including CVE-2018-13040 in NVD and CNVD/OSV entries), identifying the vulnerable component as the admin user-...
CVE-2018-13038
OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with the application/pdf Content-Type...
CVE-2018-13039
OpenSID 18.06-pasca is affected by CVE-2018-13039: a reflected Cross Site Scripting (XSS) vulnerability in the cari parameter, exploitable via index.php/first?cari=. CNVD/CNVD-2018-13871, NVD CVE-2018-13039 and related records describe that a remote attacker can inject script/HTML to access user ...
CVE-2018-13038
OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability in the article feature’s Attachment Document, allowing an attacker to upload arbitrary PHP code using a .php filename with Content-Type: application/pdf. Root cause is unrestricted file upload in the attachment workflow; impact is ...
CVE-2018-13040
OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account at the admin level via the index.php/manuser/insert URI...