Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:14 a.m.4 views

CVE-2022-41573

An issue was discovered in Ovidentia 8.3. The file upload feature does not prevent the uploading of executable files. A user can upload a .png file containing PHP code and then rename it to have the .php extension. It will then be accessible at an images/common/ URI for remote code execution...

9.8CVSS7.6AI score0.01211EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:13 p.m.8 views

CVE-2018-1000619

Ovidentia version 8.4.3 and earlier contains a Unsanitized User Input vulnerability in utilit.php, babgetAddonFilePathfromTg that can result in Authenticated Remote Code Execution. This attack appear to be exploitable via The attacker must have permission to upload addons...

8.8CVSS7.3AI score0.02316EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:31 a.m.5 views

CVE-2019-13977

index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms=create=0=y, tg=delegat, tg=site=create, tg=site=4, tg=admdir=mdb=1, tg=notes=Create, tg=admfaqs=Add, or tg=admoc=addoc=...

5.4CVSS5.8AI score0.01505EPSS
Exploits5References1
NVD
NVD
added 2025/01/07 8:15 p.m.9 views

CVE-2022-41573

An issue was discovered in Ovidentia 8.3. The file upload feature does not prevent the uploading of executable files. A user can upload a .png file containing PHP code and then rename it to have the .php extension. It will then be accessible at an images/common/ URI for remote code execution...

9.8CVSS0.01211EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/01/07 12:0 a.m.96 views

CVE-2022-41573

An issue was discovered in Ovidentia 8.3. The file upload feature does not prevent the uploading of executable files. A user can upload a .png file containing PHP code and then rename it to have the .php extension. It will then be accessible at an images/common/ URI for remote code execution...

0.01211EPSS
Exploits0References3
CVE
CVE
added 2025/01/07 12:0 a.m.46 views

CVE-2022-41573

CVE-2022-41573 affects Ovidentia 8.3. The file upload feature does not prevent executable files; a user can upload a PHP-embedded PNG and rename it to .php, making it accessible at an images/common/ URI and enabling remote code execution. The available sources describe the impact (remote code exe...

9.8CVSS8.1AI score0.01211EPSS
Exploits0References3
Rows per page
Query Builder