SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter.
9.8CVSS
9.9AI Score
0.002EPSS
Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell.
7.2CVSS
6.7AI Score
0.003EPSS
Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database.
9.8CVSS
9.3AI Score
0.011EPSS