Lucene search
+L
SoftwarepublicoE-sic

5 matches found

cve
cve
added 2017/10/23 8:0 a.m.52 views

CVE-2017-15380

The CVE-2017-15380 entry corresponds to a cross‑site scripting (XSS) vulnerability in E‑SIC version 1.0, exploitable via the /cadastro/index.php registration page and the nome parameter. Public references indicate a potential remote script injection vector, with impacts limited to user context (n...

6.1CVSS5.9AI score0.00818EPSS
Web
cve
cve
added 2017/10/23 8:0 a.m.52 views

CVE-2017-15381

CVE-2017-15381 affects E-Sic 1.0, with a SQL Injection vulnerability in the f parameter of esiclivre/restrito/inc/buscacep.php (zip code search). Root cause: unsanitized input in the f parameter leads to arbitrary SQL execution. Exploitation context: remote network exploitation; impact described ...

9.8CVSS9.8AI score0.01482EPSS
Web
cve
cve
added 2017/10/23 8:0 a.m.51 views

CVE-2017-15378

CVE-2017-15378 affects E-Sic version 1.0, where a SQL injection exists in the password-reset parameter cpfcnpj of the /reset endpoint. Root cause: unsafely interpolated input in the reset parameter leads to arbitrary SQL execution. Impact: remote attacker could execute arbitrary SQL commands (hig...

8.8CVSS9.1AI score0.01403EPSS
cve
cve
added 2017/10/23 8:0 a.m.51 views

CVE-2017-15379

The CVE-2017-15379 entry covers an authentication bypass in E-Sic 1.0 at the /index (login) endpoint, exploitable via the username/password parameters using values like '=' or 'or'. Affected product: E-Sic 1.0; root cause: improper input validation in the login URI allows bypass of authentication...

9.8CVSS9.6AI score0.0273EPSS
cve
cve
added 2017/10/16 4:0 a.m.49 views

CVE-2017-15373

CVE-2017-15373 : E-Sic 1.0 contains a SQL injection in the query parameter “q” of esiclivre/restrito/inc/lkpcep.php (the search private area). The root cause is improper handling of input leading to arbitrary SQL execution. Impact is described as partial to high confidentiality, integrity, and av...

9.8CVSS9.7AI score0.01706EPSS
Web