Skip to main content
CVE-2021-3118 CRITICAL POC Act Now

EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login form and the password-forgotten form (such as /req_password_user.php?email=). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ecs Imaging
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-0316 CRITICAL PATCH Act Now

In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Google Android
NVD
CVSS 3.1
9.8
EPSS
3.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy