|
210971
|
5.3 |
MEDIUM
Network
|
white_shark_systems_project
|
white_shark_systems
|
White Shark System (WSS) 1.3.2 has a sensitive information disclosure vulnerability. The if_get_addbook.php file does not have an authentication operation. Remote attackers can obtain username inform…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-20472
|
2024-11-21 14:12 |
2021-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210972
|
8.8 |
HIGH
Network
|
white_shark_systems_project
|
white_shark_systems
|
White Shark System (WSS) 1.3.2 has an unauthorized access vulnerability in default_user_edit.php, remote attackers can exploit this vulnerability to escalate to admin privileges.
|
CWE-863
Incorrect Authorization
|
CVE-2020-20471
|
2024-11-21 14:12 |
2021-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210973
|
5.3 |
MEDIUM
Network
|
white_shark_systems_project
|
white_shark_systems
|
White Shark System (WSS) 1.3.2 has web site physical path leakage vulnerability.
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-20470
|
2024-11-21 14:12 |
2021-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210974
|
7.5 |
HIGH
Network
|
white_shark_systems_project
|
white_shark_systems
|
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the log_edit.php files failing to filter the csa_to_user parameter, remote attackers can exploit the vul…
|
CWE-89
SQL Injection
|
CVE-2020-20469
|
2024-11-21 14:12 |
2021-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210975
|
6.5 |
MEDIUM
Network
|
white_shark_systems_project
|
white_shark_systems
|
White Shark System (WSS) 1.3.2 is vulnerable to CSRF. Attackers can use the user_edit_password.php file to modify the user password.
|
CWE-352
Origin Validation Error
|
CVE-2020-20468
|
2024-11-21 14:12 |
2021-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210976
|
6.5 |
MEDIUM
Network
|
white_shark_systems_project
|
white_shark_systems
|
White Shark System (WSS) 1.3.2 is vulnerable to sensitive information disclosure via default_task_add.php, remote attackers can exploit the vulnerability to create a task.
|
NVD-CWE-Other
|
CVE-2020-20467
|
2024-11-21 14:12 |
2021-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210977
|
9.8 |
CRITICAL
Network
|
white_shark_systems_project
|
white_shark_systems
|
White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php, remote attackers can modify the password of any user.
|
CWE-863
Incorrect Authorization
|
CVE-2020-20466
|
2024-11-21 14:12 |
2021-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210978
|
7.2 |
HIGH
Network
|
openclinic_project
|
openclinic
|
Jact OpenClinic 0.8.20160412 allows the attacker to read server files after login to the the admin account by an infected 'file' GET parameter in '/shared/view_source.php' which "could" lead to RCE v…
|
CWE-862
Missing Authorization
|
CVE-2020-20444
|
2024-11-21 14:12 |
2021-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210979
|
6.1 |
MEDIUM
Network
|
zrlog
|
zrlog
|
A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname…
|
CWE-79
Cross-site Scripting
|
CVE-2020-21316
|
2024-11-21 14:12 |
2021-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210980
|
6.5 |
MEDIUM
Network
|
wellcms
|
wellcms
|
WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS background and upload a picture. Because the upload file type is controllable, the user can modify the upload file type to…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-21005
|
2024-11-21 14:12 |
2021-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
