Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API.
CVSS: 8.8 | AI Score: 8.9 | EPSS: 0.002
vFairs 3.3 is affected by Remote Code Execution. Any user logged in to a vFairs virtual conference or event can abuse the functionality to upload a profile picture in order to place a malicious PHP file on the server and gain code execution.
CVSS: 8.8 | AI Score: 9.1 | EPSS: 0.007
vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any other user's profile information or profile picture. After receiving any user's unique identification number and their own, an HTTP POST request can be made to update their profile ...
CVSS: 4.3 | AI Score: 4.5 | EPSS: 0.002
In vFairs 3.3, any user logged in to a vFairs virtual conference or event can modify any other user's profile information to include a cross-site scripting payload. The user data stored by the database includes HTML tags that are intentionally rendered out onto the page, and this can be abused to pe...
CVSS: 5.4 | AI Score: 5.1 | EPSS: 0.001