Path traversal in OpenViglet Shio up to version 0.3.8 allows authenticated remote attackers to read arbitrary files by manipulating the fileName parameter in the shStaticFilePreUpload API endpoint. The vulnerability has low practical impact (CVSS 2.1, EPSS 0.22%) despite being rated critical in severity classification, as it requires prior authentication and provides only limited confidentiality exposure. Public exploit code is available.
Reflected cross-site scripting (XSS) in Portabilis i-Educar 2.9 allows remote attackers to inject malicious scripts via the descricao parameter in /intranet/educar_escolaridade_lst.php, requiring user interaction to execute. The vulnerability has a low CVSS score of 2.1 and EPSS exploitation probability of 0.11%, but publicly available exploit code exists and the vendor did not respond to early disclosure.
Reflected cross-site scripting (XSS) in Portabilis i-Educar 2.9 allows remote attackers to inject malicious scripts via the titulo_avaliacao parameter in /intranet/educar_avaliacao_desempenho_lst.php. The vulnerability requires user interaction (clicking a malicious link) but has a low CVSS score of 2.1 and a minimal EPSS exploitation probability of 0.11%, placing it in the 29th percentile. Publicly available exploit code exists and the vendor has not responded to disclosure attempts.
Reflected cross-site scripting in Portabilis i-Educar 2.9 allows remote attackers to inject arbitrary JavaScript via the campo_busca and cpf parameters in /intranet/pesquisa_pessoa_lst.php. The vulnerability requires user interaction (clicking a malicious link) but enables session hijacking, credential theft, or defacement of educational records. Publicly available exploit code exists; the vendor did not respond to disclosure.
Reflected cross-site scripting (XSS) in Portabilis i-Educar 2.9 allows remote attackers to inject malicious scripts via the 'nome' parameter in /intranet/funcionario_vinculo_lst.php. The vulnerability requires user interaction (clicking a malicious link) but enables session hijacking, credential theft, and unauthorized administrative actions. Public exploit code is available, though EPSS probability remains low at 0.11% percentile, suggesting limited real-world exploitation despite disclosure.
Reflected cross-site scripting (XSS) in Portabilis i-Educar 2.9 allows remote unauthenticated attackers to inject arbitrary JavaScript via the nome or matricula_servidor parameters in /intranet/educar_servidor_lst.php. The vulnerability requires user interaction (clicking a malicious link) and has low confidentiality impact but can lead to session hijacking or credential theft. Publicly available exploit code exists, though exploitation likelihood remains low (EPSS 0.11%) due to user interaction requirement and limited real-world impact surface.
Unrestricted file upload in OpenViglet Shio through version 0.3.8 allows authenticated remote attackers to upload arbitrary files via manipulation of the filename parameter in the ShStaticFileAPI.shStaticFileUpload function. The vulnerability requires valid authentication credentials but lacks proper input validation on uploaded filenames, enabling arbitrary file placement on the server. Publicly available exploit code exists, though EPSS score remains low at 0.11% (28th percentile), suggesting limited real-world exploitation despite public disclosure.
SQL injection in Campcodes Online Hotel Reservation System 1.0 allows authenticated remote attackers to manipulate the room_id parameter in /admin/edit_room.php, enabling data exfiltration and modification with low impact. The vulnerability requires valid login credentials (PR:L) and carries a CVSS 2.1 score reflecting limited scope; however, the public exploit disclosure and EPSS percentile 20 suggest limited real-world exploitation interest despite active availability of proof-of-concept code.
SQL injection in Campcodes Online Hotel Reservation System 1.0 via the room_id parameter in /add_reserve.php allows authenticated remote attackers to execute arbitrary SQL queries, but CVSS 2.1 and EPSS 0.07% (20th percentile) indicate minimal real-world risk despite public exploit availability. The vulnerability requires valid user authentication and produces only low confidentiality, integrity, and availability impact-inconsistent with the 'critical' classification in the initial report.
Reflected cross-site scripting (XSS) in Intern Membership Management System 1.0 allows remote attackers to inject malicious scripts via the email parameter in fill_details.php, executable only with user interaction. The vulnerability has a publicly available exploit and affects the error message handler, resulting in integrity impact (CVSS 2.1, EPSS 0.07%). While the attack vector is network-accessible and requires minimal complexity, the low CVSS and EPSS scores reflect the necessity for user interaction and limited technical impact.
Reflected cross-site scripting (XSS) in Portabilis i-Educar 2.10 allows remote unauthenticated attackers to inject arbitrary JavaScript via the ref_cod_matricula parameter in /educar_aluno_lst.php, affecting users who click malicious links. The vulnerability has publicly available exploit code and a low CVSS score (2.1) due to requirement for user interaction, but represents a typical web application flaw in educational management systems with potential for credential theft or session hijacking.
SQL injection in Kehua Charging Pile Cloud Platform 1.0 endpoint /sys/task/findAllTask allows authenticated remote attackers to execute arbitrary SQL queries with limited confidentiality and integrity impact. The vulnerability has a publicly available exploit and was disclosed to the vendor without response, though EPSS score of 0.04% suggests low real-world exploitation probability despite public POC availability.
Unrestricted file upload in Campcodes Online Hotel Reservation System 1.0 allows high-privileged authenticated administrators to upload arbitrary files via the photo parameter in /admin/edit_room.php, potentially leading to remote code execution. The vulnerability requires administrative credentials to exploit and has publicly available proof-of-concept code, but carries low real-world risk due to the high privilege requirement (PR:H) and limited confidentiality/integrity impact in the CVSS v4.0 vector.
Stored cross-site scripting (XSS) in Portabilis i-Educar 2.10 via the atendidos_cad.php file allows authenticated remote attackers with user interaction to inject malicious scripts through the nome, nome_social, or email parameters, resulting in minor integrity impact. Publicly available exploit code exists, and the vendor has not responded to early disclosure notification.
Cross-site scripting (XSS) in Campcodes Online Hotel Reservation System 1.0 allows authenticated users to inject malicious scripts via the Name parameter in /admin/add_query_account.php, affecting the integrity of admin-level functionality. The vulnerability requires user interaction (UI:P) and authenticated access (PR:L), limiting direct remote exploitation to attackers with valid credentials; however, publicly available exploit code exists, and the CVSS 2.0 score with VI:L (integrity impact) reflects limited but confirmed damage potential in a stored XSS context.
A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
SQL injection in Lingdang CRM versions up to 8.6.4.7 allows authenticated remote attackers to execute arbitrary SQL queries via the function parameter in the delete_user function of crm/WeiXinApp/yunzhijia/yunzhijiaApi.php. Public exploit code exists, and vendor has released patched version 8.6.5.2 to remediate the vulnerability.