Search: Ovidentia

8 matches found

added 2022/02/17 9:15 p.m. | 105 views

CVE-2022-22914

An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to view and download content in the upload directory via path traversal.

CVSS 7.5 | AI score 7.4 | EPSS 0.00778

added 2019/07/19 7:15 a.m. | 75 views

CVE-2019-13978

Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request.

CVSS 8.8 | AI score 9.1 | EPSS 0.00257

added 2019/07/19 7:15 a.m. | 61 views

CVE-2019-13977

index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=.

CVSS 5.4 | AI score 5.1 | EPSS 0.00426

added 2018/07/09 8:29 p.m. | 38 views

CVE-2018-1000619

Ovidentia version 8.4.3 and earlier contains an Unsanitized User Input vulnerability in utilit.php, bab_getAddonFilePathfromTg, that can result in Authenticated Remote Code Execution. This attack appears to be exploitable when the attacker has permission to upload addons.

CVSS 8.8 | AI score 8.7 | EPSS 0.02759

added 2008/09/04 6:41 p.m. | 36 views

CVE-2008-3917

Cross-site scripting (XSS) vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter in a search action.

CVSS 4.3 | AI score 5.7 | EPSS 0.01838

added 2008/09/04 6:41 p.m. | 33 views

CVE-2008-3918

SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the field parameter in a search action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS 7.5 | AI score 8 | EPSS 0.00145

added 2008/10/03 10:22 p.m. | 32 views

CVE-2008-4423

SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the item parameter in a contact modify action.

CVSS 6.5 | AI score 8.3 | EPSS 0.00491

added 2021/03/30 12:16 p.m. | 26 views

CVE-2021-29343

Ovidentia CMS 6.x contains a SQL injection vulnerability in the "id" parameter of index.php. The "checkbox" property into "text" data can be extracted and displayed in the text region or in source code.

CVSS 5.5 | AI score 5.9 | EPSS 0.00188