Lucene search

Isweb Security Vulnerabilities

cve

CVE-2018-14956

CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive...

9.8CVSS

9.6AI Score

0.004EPSS

2018-09-28 12:29 AM

cve

CVE-2018-14957

CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggetto_documenti/../.././inc/config.php (one can take the control of the application because credentials are present in that config.php...

9.8CVSS

9.1AI Score

0.007EPSS

2018-09-28 12:29 AM

cve

CVE-2018-15562

CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or oggettiRicerca parameter to...

6.1CVSS

5.9AI Score

0.001EPSS

2018-08-29 07:29 PM