9 matches found
EUVD-2019-15825
Malware in sbrugna...
EUVD-2020-9999
Malware in sbrugna...
CVE-2024-51093
Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code. This can lead to privilege escalation when the payload is executed, granting the attacker super admin permissions within the Snipe-IT system...
CVE-2024-51094
An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data as a CSV file, and opens it, the injected payload will be...
CVE-2024-51094
CVE-2024-51094 affects Snipe-IT v7.0.13 build 15514. A low-privileged attacker can modify their profile Name field to inject a malicious payload; when an administrator uses the People Management page to export data as CSV and opens it, the payload can exfiltrate internal data from the CSV to a re...
Path traversal
Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "dodel" method of the component "database.admincp.php"...
CVE-2020-18070
Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "dodel" method of the component "database.admincp.php"...
CVE-2020-18070
CVE-2020-18070: In iCMS v7.0.13, a path traversal vulnerability in the PHP component database.admincp.php lets remote attackers delete folders by injecting commands in a crafted HTTP request to the do_del() method. Impact per CVSS indicates high integrity and availability impact (I/H, A/H) with ...
CVE-2019-6259
An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php dataid parameter...