Lucene search
K
OpencodeUssd Gateway6.13.11

5 matches found

CVE
CVE
added 2025/11/26 12:0 a.m.17 views

CVE-2025-65239

CVE-2025-65239 affects OpenCode Systems USSD Gateway OC Release:5 (version 6.13.11). The /aux1/ocussd/trace endpoint has incorrect access control, enabling attackers with low privileges to read server logs. Reported CVSSv3.1 base score is 4.3 (MEDIUM), with network access, low privileges required...

4.3CVSS6.4AI score0.00251EPSS
CVE
CVE
added 2025/11/26 12:0 a.m.16 views

CVE-2025-65238

OpenCode Systems USSD Gateway OC is affected by CVE-2025-65238. The issue is an incorrect access control in the getSubUsersByProvider function, in OC Release 5 Version 6.13.11, which could allow attackers with low privileges to dump user records and access sensitive information. The available con...

6.5CVSS6.4AI score0.00293EPSS
CVE
CVE
added 2025/11/26 12:0 a.m.15 views

CVE-2025-65235

CVE-2025-65235 affects OpenCode Systems USSD Gateway OC Release: 5, Version 6.13.11, with a SQL injection in the ID parameter of the getSubUsersByProvider function. Connected sources (Red Hat, EU ENISA, NVD/CVE records, CNNVD) corroborate a SQL injection vulnerability in this release. The CVSSv3....

9.8CVSS8AI score0.00392EPSS
CVE
CVE
added 2025/11/26 12:0 a.m.14 views

CVE-2025-65236

CVE-2025-65236 affects OpenCode Systems USSD Gateway OC Release 5. The issue is a SQL injection via the Session ID parameter in the endpoint /occontrolpanel/index.php . CVSS v3.1 base score is 9.8 (CRITICAL) with network attack vector, no user interaction, and no privileges required; impacts incl...

9.8CVSS8AI score0.00392EPSS
Web
CVE
CVE
added 2025/11/26 12:0 a.m.14 views

CVE-2025-65237

OpenCode Systems USSD Gateway OC Release 5 is affected by a reflected XSS vulnerability that lets an attacker inject arbitrary JavaScript into a user’s browser by sending a crafted payload. The issue is documented across multiple sources (e.g., Red Hat CVE entry and NVD) with a CVSSv3.1 base scor...

6.1CVSS6.1AI score0.0023EPSS