8 matches found
CVE-2024-11019
CVE-2024-11019 affects Webopac from Grand Vice info. The connected documents describe a Reflected Cross-site Scripting vulnerability that allows unauthenticated remote attackers to execute arbitrary JavaScript in a user’s browser via phishing techniques. CVSSv3.1 base score 6.1 (Medium) with Netw...
CVE-2024-11017
CVE-2024-11017 affects Grand Vice info Webopac. The issue is improper validation of uploaded file types in Webopac, enabling remote attackers with regular privileges to upload and execute webshells, risking arbitrary code execution on the server. Affected versions include Grand Vice Webopac 6.x b...
CVE-2024-11016
CVE-2024-11016 affects Webopac from Grand Vice info. The vulnerability is a SQL Injection that allows unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. Reported CVSS 3.1 v3.1 base score is 9.8 (CRITICAL) with network attack Vector, no...
CVE-2024-11020
CVE-2024-11020 affects Grand Vice info Webopac (Webopac from Grand Vice info). The vulnerability is a SQL Injection in the Webopac web interface that allows an unauthenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents. Several sources corrobora...
CVE-2024-11021
CVE-2024-11021 relates to a Stored Cross-site Scripting vulnerability in Webopac from Grand Vice info. The issue allows remote attackers with regular privileges to inject arbitrary JavaScript into the server, which is executed in users’ browsers when visiting the affected page. Connected sources ...
CVE-2024-11018
CVE-2024-11018 affects Grand Vice Info Webopac. Public records describe a lack of proper file-type validation that allows unauthenticated remote attackers to upload and execute webshells, potentially enabling arbitrary code execution on the server. Affected versions are stated as up to 6.5.0/7.2....
CVE-2021-42838
Summary: CVE-2021-42838 affects Grand Vice info Co. webopac7, where the book search field does not properly restrict special characters. Vulnerability details: Unauthenticated remote attackers can inject JavaScript syntax via the search input, enabling reflected XSS attacks. The root cause is ina...
CVE-2021-42839
CVE-2021-42839 : Concrete details across multiple sources show Grand Vice info Co. webopac7 contains an arbitrary file upload vulnerability where the upload function fails to filter special characters. A remote attacker authenticated as a general user could upload a malicious script and execute a...