5 matches found
CVE-2017-15380
The CVE-2017-15380 entry corresponds to a cross‑site scripting (XSS) vulnerability in E‑SIC version 1.0, exploitable via the /cadastro/index.php registration page and the nome parameter. Public references indicate a potential remote script injection vector, with impacts limited to user context (n...
CVE-2017-15381
CVE-2017-15381 affects E-Sic 1.0, with a SQL Injection vulnerability in the f parameter of esiclivre/restrito/inc/buscacep.php (zip code search). Root cause: unsanitized input in the f parameter leads to arbitrary SQL execution. Exploitation context: remote network exploitation; impact described ...
CVE-2017-15378
CVE-2017-15378 affects E-Sic version 1.0, where a SQL injection exists in the password-reset parameter cpfcnpj of the /reset endpoint. Root cause: unsafely interpolated input in the reset parameter leads to arbitrary SQL execution. Impact: remote attacker could execute arbitrary SQL commands (hig...
CVE-2017-15379
The CVE-2017-15379 entry covers an authentication bypass in E-Sic 1.0 at the /index (login) endpoint, exploitable via the username/password parameters using values like '=' or 'or'. Affected product: E-Sic 1.0; root cause: improper input validation in the login URI allows bypass of authentication...
CVE-2017-15373
CVE-2017-15373 : E-Sic 1.0 contains a SQL injection in the query parameter “q” of esiclivre/restrito/inc/lkpcep.php (the search private area). The root cause is improper handling of input leading to arbitrary SQL execution. Impact is described as partial to high confidentiality, integrity, and av...