Remote code execution in Metasoft MetaCRM through 6.4.2 allows authenticated remote attackers to execute arbitrary code via unsafe deserialization of the 'p' parameter in the AnalyzeParam function of download.jsp. Publicly available exploit code exists; CVSS 2.1 score reflects required authentication (PR:L) and limited technical impact scope, but exploitation probability is marked as probable (E:P). Vendor did not respond to early disclosure notification.
Unrestricted file upload in Metasoft MetaCRM up to version 6.4.2 via the mobileupload.jsp endpoint allows authenticated remote attackers to upload arbitrary files with limited integrity and confidentiality impact. The vulnerability has been publicly disclosed with exploit code available on GitHub. Despite early vendor contact, Metasoft has not provided a patch or acknowledgment, leaving deployments unpatched.
Unrestricted file upload in Metasoft MetaCRM up to version 6.4.2 allows authenticated remote attackers to upload arbitrary files via the File parameter in sendfile.jsp, potentially enabling remote code execution or data exfiltration. The vulnerability has publicly available exploit code and affects systems with basic user authentication; however, the CVSS score of 2.1 reflects limited confidentiality, integrity, and availability impact in the base score, though exploitability is marked as probable (E:P).
Unrestricted file upload in Metasoft MetaCRM up to version 6.4.2 allows authenticated remote attackers to upload arbitrary files via the File parameter in /business/common/sms/sendsms.jsp, potentially leading to remote code execution or data compromise. The vulnerability has a low CVSS score (2.1) due to authentication requirements and limited confidentiality impact, but publicly available exploit code exists and the vendor has not responded to early disclosure.
Unrestricted file upload in Metasoft MetaCRM up to version 6.4.2 allows authenticated remote attackers to upload arbitrary files via the /common/jsp/upload2.jsp endpoint, potentially enabling remote code execution or data exfiltration. The vulnerability requires valid user credentials (PR:L) but involves minimal technical complexity (AC:L). Public exploit code is available and the vendor has not responded to early disclosure notifications.
Cross-site scripting (XSS) in WikiDocs up to version 1.0.78 allows remote attackers to inject malicious scripts via the path parameter in template.inc.php, requiring user interaction to trigger. The vulnerability has publicly available exploit code and carries a low CVSS score (2.1) due to its reliance on user interaction and limited impact scope, though the EPSS score of 0.10% suggests minimal real-world exploitation likelihood despite public disclosure.
Reflected cross-site scripting in Huashengdun WebSSH up to version 1.6.2 allows remote attackers to inject malicious scripts via the hostname or port parameters on the login page, requiring user interaction to trigger. The vulnerability has a low CVSS score of 2.1 due to user interaction requirement and limited impact (integrity only), but publicly available exploit code exists and the vendor has not responded to disclosure attempts.
SQL injection in itsourcecode Insurance Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the recipt_no parameter in /insertPayment.php, resulting in limited confidentiality and integrity impact. The vulnerability requires valid user credentials (PR:L) and carries a low CVSS score of 2.1 despite being classified critical by the discoverer. Exploit code is publicly available and has been disclosed, though no active widespread exploitation has been reported.
SQL injection in itsourcecode Insurance Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the nominee_id parameter in /insertNominee.php, resulting in limited confidentiality and integrity impact. Publicly available exploit code exists, though EPSS scoring (0.09th percentile) suggests minimal real-world exploitation likelihood despite the critical classification and public disclosure.
SQL injection in Onyx Chat Interface allows authenticated remote attackers to manipulate database queries via the generate_simple_sql function in the KB search component. Versions up to 0.29.1 are affected. While the CVSS score is low (2.1) due to limited impact scope and authentication requirement, public exploit code exists and the vendor has not responded to early disclosure, increasing real-world risk for users who cannot rapidly patch.
SQL injection in TDuckCloud tduck-platform 5.1 allows authenticated remote attackers to manipulate the formKey parameter in the UserFormDataMapper function, enabling unauthorized database queries with limited confidentiality and integrity impact. Publicly available exploit code exists, and the vendor has not responded to early disclosure notification.
SQL injection in Metasoft MetaCRM up to version 6.4.2 allows authenticated remote attackers to execute arbitrary SQL commands via the workerid parameter in mcc_login.jsp, with publicly available exploit code disclosed after vendor non-response. Despite a CVSS score of 2.1, the vulnerability requires prior authentication (PR:L) and offers only limited confidentiality/integrity impact (VC:L/VI:L), making real-world exploitation risk significantly lower than the critical severity designation suggests.
Unrestricted file upload in JeeSite up to version 5.12.0 allows authenticated remote attackers to upload arbitrary files via the FileUploadController, potentially leading to remote code execution or data exfiltration. The vulnerability has a publicly disclosed proof-of-concept and is classified as critical despite a low CVSS 4.0 score of 2.1, indicating that the CVSS vector (requiring authenticated access and limited scope of impact) does not fully reflect the practical severity of unrestricted file upload capabilities in a web application context.
RuoYi versions up to 4.8.1 allow authenticated users to upload files without restriction via the CommonController.uploadFile function, enabling arbitrary file upload. The vulnerability requires valid credentials (PR:L per CVSS vector) but permits remote exploitation with low complexity. Public exploit code exists; however, EPSS score of 0.05% (15th percentile) suggests minimal real-world exploitation despite public disclosure, indicating the threat is constrained by authentication requirements or other practical barriers.
Improper restriction of rendered UI layers in RuoYi up to version 4.8.1 allows authenticated remote attackers to manipulate image source handling, leading to unauthorized UI layer visibility or modification. The CVSS score of 2.1 reflects limited integrity impact requiring authenticated access, but the low EPSS score (0.05%, 15th percentile) suggests this vulnerability has minimal real-world exploitation probability despite publicly available exploit code.
RuoYi up to version 4.8.1 uses hardcoded default credentials in the Druid database configuration file (application-druid.yml), allowing authenticated remote attackers to gain low-impact information disclosure. The vulnerability requires prior authentication (PR:L per CVSS 4.0) and has been publicly disclosed with exploit details available, though EPSS scoring (0.05%) and the low CVSS impact (VC:L only) suggest limited real-world exploitation risk despite the proof-of-concept availability.
Unrestricted file upload in Codecanyon iDentSoft 2.0 Account Setting Page allows high-privileged remote attackers to upload arbitrary files via the photo parameter in /clinica/profile/updateSetting, potentially enabling code execution or system compromise. CVSS score of 2.0 reflects the requirement for high-privilege authentication, but publicly available exploit code exists and the vulnerability has been disclosed. This is primarily a privilege-escalation concern affecting administrators rather than a default-configuration flaw.
Stored cross-site scripting (XSS) in JeeSite's xssFilter function allows authenticated users to inject malicious scripts via the text parameter in EncodeUtils.java, affecting versions up to 5.12.0. The vulnerability requires user interaction to trigger payload execution and has publicly available exploit code. With EPSS score of 0.07% and CVSS 2.0, exploitation likelihood is low despite public disclosure, but remediation is straightforward via vendor patch.
Stored cross-site scripting (XSS) vulnerability in Portabilis i-Educar 2.9.0 and 2.10.0 allows authenticated users to inject malicious scripts via the novo_titulo and novo_descricao parameters in the Agenda Module (/intranet/agenda.php), which are then executed in the browsers of other users viewing the affected content. The vulnerability requires user interaction (victim must view the crafted agenda entry) and authenticated access, resulting in a low-severity impact with an EPSS exploitation probability of 0.06% percentile 19. Public exploit code is available, though vendor did not respond to early disclosure notification.
Stored cross-site scripting (XSS) in RuoYi up to version 4.8.1 allows authenticated users to inject malicious scripts via the SysNoticeController.addSave function, compromising integrity of system notices. The vulnerability requires user interaction and authenticated access but has a publicly available proof-of-concept. With an EPSS score of 0.05%, exploitation remains unlikely in practice despite the public disclosure.
Stored cross-site scripting in PHPGurukul Apartment Visitors Management System 1.0 allows authenticated users to inject malicious scripts via the adminname parameter in /admin-profile.php, affecting other administrators who view the modified profile. The vulnerability requires user interaction (UI:P) and authenticated access (PR:L), limiting its severity despite remote network accessibility. Publicly available exploit code exists, though real-world exploitation depends on social engineering authenticated users to click malicious links or administrative interaction.
Stored cross-site scripting (XSS) in Portabilis i-Diario 1.5.0 allows authenticated users to inject malicious scripts via the Justificativa parameter in the /justificativas-de-falta endpoint, which are then executed in the browsers of other users viewing the page. The vulnerability requires user interaction (clicking a malicious link) and authenticated access, limiting its severity despite public exploit availability. EPSS exploitation probability is very low at 0.05 percentile, and the vendor has not responded to disclosure.
Stored cross-site scripting (XSS) in Portabilis i-Diario 1.5.0 allows authenticated users to inject malicious scripts via the filter[by_description] parameter in the /conteudos endpoint, which are then reflected to other users. The vulnerability requires user interaction (UI:P) to trigger but has low confidentiality impact and publicly available exploit code; however, the extremely low EPSS score (0.05%) and vendor non-responsiveness suggest limited real-world exploitation despite disclosed POC.
Cross-site scripting (XSS) in Portabilis i-Diario 1.5.0 allows authenticated users to inject malicious scripts via the Anexo parameter in the justificativas-de-falta endpoint, impacting other users who view the affected content. The vulnerability requires user interaction and authenticated access, with an EPSS score of 0.05% indicating low real-world exploitation likelihood despite public exploit availability. The vendor has not responded to disclosure communications.
Stored cross-site scripting in Portabilis i-Educar up to version 2.10 allows authenticated remote attackers to inject malicious scripts via the Motivo/descricao parameter in the Calendar Module (/intranet/educar_calendario_dia_motivo_cad.php), requiring user interaction to execute. Public exploit code is available and the vendor has not responded to disclosure attempts despite early notification.
Stored cross-site scripting in Portabilis i-Educar 2.9.0 allows authenticated remote attackers to inject malicious scripts via the nm_tipo parameter in the Turma Module administrative interface. The vulnerability requires user interaction and affects the integrity of application data. Publicly available exploit code exists, and the vendor has not responded to disclosure.
Stored cross-site scripting (XSS) in Portabilis i-Educar 2.9.0 allows authenticated users to inject malicious scripts via the 'Deficiência ou Transtorno' parameter in the Disabilities Module (/intranet/educar_deficiencia_lst.php), affecting other users who view the injected content. The vulnerability requires user interaction (victim must view the page) and authenticated access, limiting its severity to reflected/stored XSS with user-level privileges. Public exploit code exists, but active exploitation has not been confirmed in CISA KEV, and the vendor has not responded to disclosure.
Weak password recovery in Mercusys MW301R 1.0.2 Build 190726 allows high-privileged authenticated attackers to manipulate the code argument in the web interface to disclose or modify password recovery mechanisms, with publicly available exploit code. The vendor has not responded to early disclosure notification. EPSS exploitation probability is 0.04% (13th percentile), indicating minimal real-world exploitation likelihood despite public POC availability.
IDnow App for Android up to version 9.6.0 improperly exports application components via AndroidManifest.xml misconfiguration, allowing local attackers with user-level privileges to access sensitive functionality or information disclosure. The vulnerability is classified as low severity (CVSS 1.9) with publicly available exploit code, but the vendor has not responded to disclosure and no patch has been released. While exploitation requires local device access and legitimate app installation, the improper component export could enable privilege escalation or data theft when combined with other vulnerabilities.
InstantBits Web Video Cast on Android versions up to 5.12.4 improperly exports application components via AndroidManifest.xml configuration, allowing local attackers with user privileges to access sensitive functionality without authentication. The vulnerability has a CVSS score of 1.9 with low confidentiality impact and no integrity or availability impact, but is rated problematic due to the disclosure of exploitation techniques and vendor non-responsiveness. This is a local, low-severity information disclosure issue affecting only users with direct device access.
Foresight News App for Android versions up to 2.6.4 improperly exports application components via AndroidManifest.xml, allowing local attackers with limited privileges to access sensitive information. The CVSS 1.9 score reflects low actual impact (information disclosure only, no integrity or availability loss), though the vulnerability is publicly exploitable. EPSS percentile of 13% indicates minimal real-world exploitation likelihood despite public POC availability, suggesting this is a low-priority issue for most deployments.
Dunamu StockPlus Android app versions up to 7.62.10 improperly export application components via AndroidManifest.xml configuration, allowing local attackers with low privileges to access sensitive functionality. The vulnerability requires local device access and affects the com.dunamu.stockplus component, resulting in limited information disclosure. Publicly available exploit code exists, and the vendor did not respond to early disclosure notification.
CallApp Caller ID App versions up to 2.0.4 on Android improperly export application components via AndroidManifest.xml misconfiguration, allowing local authenticated attackers to access sensitive functionality with limited information disclosure impact. The vulnerability has been publicly disclosed with exploit code available, though the CVSS score of 1.9 and EPSS of 0.03% indicate minimal real-world exploitation risk despite public POC availability.
Improper brute-force protection in the Mercusys MW301R router allows local network attackers to conduct excessive authentication attempts against the login component without rate limiting. The vulnerability affects firmware version 1.0.2 Build 190726 Rel.59423n and permits attackers to bypass authentication attempt restrictions, though actual credential compromise requires additional attack complexity. Public exploit code exists, but the vendor has not responded to disclosure and provided no patch.
Eluktronics Control Center 5.23.51.41 permits local authenticated users to bypass data authenticity verification in the REG File Handler component, resulting in potential information disclosure. The vulnerability requires local access and authenticated privileges but carries minimal real-world impact given the CVSS 1.9 score and EPSS exploitation probability of 0.01% (third percentile). Public exploit code has been disclosed, though vendor has not responded to disclosure notifications.