Datacube3 Security Vulnerabilities and Issues — Datacube3 CVE List

Lucene search

F-logicDatacube3

4 matches found

CVE•added 2024/02/29 1:44 a.m.•7118 views

CVE-2024-25832

F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension.

8.8CVSS6.5AI score0.15015EPSS

CVE•added 2024/02/29 1:44 a.m.•83 views

CVE-2024-25830

F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the roo...

9.8CVSS6.8AI score0.38983EPSS

CVE•added 2024/02/29 1:44 a.m.•79 views

CVE-2024-25833

F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in database.

9.8CVSS8.1AI score0.0029EPSS

CVE•added 2024/02/29 1:44 a.m.•74 views

CVE-2024-25831

F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting (XSS) vulnerability due to improper input sanitization. An authenticated, remote attacker can execute arbitrary JavaScript code in the web management interface.

6.1CVSS5.9AI score0.00121EPSS