iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to open/close a specified garage door/gate via /isg/opendoor.php.
6.5CVSS
6.5AI Score
0.001EPSS
iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to create a new user via /index.php.
6.5CVSS
6.5AI Score
0.001EPSS
iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. (This can be combined with reflected XSS.)
8.8CVSS
8.6AI Score
0.001EPSS
ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. The magic bytes of PNG must be used.
7.5CVSS
7.5AI Score
0.001EPSS
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.php.
9.8CVSS
9.6AI Score
0.004EPSS
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php.
9.8CVSS
9.6AI Score
0.004EPSS
ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /index.php
6.5CVSS
6.6AI Score
0.001EPSS
ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload imae files via /index.php
6.5CVSS
6.6AI Score
0.001EPSS
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php.
9.8CVSS
9.6AI Score
0.004EPSS
ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. The magic bytes for WAV must be used.
9.8CVSS
9.3AI Score
0.004EPSS
8.1CVSS
8AI Score
0.001EPSS