GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing authenticated attackers to upload any file type to the server via the "Documents" area. This vulnerability is related to "uploadDocFile.aspx".
8.8CVSS
8.4AI Score
0.007EPSS
GAT-Ship Web Module through 1.30 allows remote attackers to obtain potentially sensitive information via {} in a ws/gatshipWs.asmx/SqlVersion request.
5.3CVSS
5.1AI Score
0.006EPSS