Vfairs Security Vulnerabilities and Issues — Vfairs CVE List

Lucene search

VfairsVfairs

4 matches found

CVE•added 2021/05/26 12:15 p.m.•36 views

CVE-2020-26678

vFairs 3.3 is affected by Remote Code Execution. Any user logged in to a vFairs virtual conference or event can abuse the functionality to upload a profile picture in order to place a malicious PHP file on the server and gain code execution.

8.8CVSS9.1AI score0.02951EPSS

CVE•added 2021/05/26 12:15 p.m.•29 views

CVE-2020-26677

Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API.

8.8CVSS8.9AI score0.00535EPSS

CVE•added 2021/05/26 12:15 p.m.•26 views

CVE-2020-26679

vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any other users profile information or profile picture. After receiving any user's unique identification number and their own, an HTTP POST request can be made update their profile ...

4.3CVSS4.5AI score0.00139EPSS

CVE•added 2021/05/26 12:15 p.m.•22 views

CVE-2020-26680

In vFairs 3.3, any user logged in to a vFairs virtual conference or event can modify any other users profile information to include a cross-site scripting payload. The user data stored by the database includes HTML tags that are intentionally rendered out onto the page, and this can be abused to pe...

5.4CVSS5.1AI score0.00302EPSS