5 matches found
EUVD-2020-19220
Malware in sbrugna...
CVE-2020-26677
Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API...
Cross site scripting
vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any other users profile information or profile picture. After receiving any user's unique identification number and their own, an HTTP POST request can be made update their profil...
Sql injection
Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API...
CVE-2020-26677
Summary: CVE-2020-26677 affects the vFairs 3.3 virtual conference platform. Affected component is the API, where any user logged in can perform SQL injection by sending a malicious query. The connected documents corroborate the vulnerability description across sources (NVD entry and CNVD peer). I...