5 matches found
EUVD-2018-6694
Malware in sbrugna...
Code injection
WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior parse files and pass invalidated user data to an unsafe method call, which may allow code to be executed in the context of an administrator...
CVE-2018-14810
WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior parse files and pass invalidated user data to an unsafe method call, which may allow code to be executed in the context of an administrator...
CVE-2018-14810
WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior parse files and pass invalidated user data to an unsafe method call, which may allow code to be executed in the context of an administrator...
Erident Custom Login & Dashboard 3.4-3.4.1 - Stored Cross-Site Scripting (XSS)
The Erident Custom Login and Dashboard plugin exposes a call to the updateoption method, when a specific POST field is posted to the plugins setting screen. No CSRF token is used, and as such if an Administrative user can be tricked into visiting a site with a malicious form, it is possible to...