Skip to main content

Ecs Imaging

3 CVEs product

Monthly

CVE-2023-26913 MEDIUM POC This Month

EVOLUCARE ECSIMAGING (aka ECS Imaging) < 6.21.5 is vulnerable to Cross Site Scripting (XSS) via new_movie. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ecs Imaging
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2021-3118 CRITICAL POC Act Now

EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login form and the password-forgotten form (such as /req_password_user.php?email=). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ecs Imaging
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-3029 CRITICAL Act Now

EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection Ecs Imaging
NVD
CVSS 3.1
9.8
EPSS
3.0%
EPSS 0% CVSS 6.1
MEDIUM POC This Month

EVOLUCARE ECSIMAGING (aka ECS Imaging) < 6.21.5 is vulnerable to Cross Site Scripting (XSS) via new_movie. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ecs Imaging
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login form and the password-forgotten form (such as /req_password_user.php?email=). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ecs Imaging
NVD Exploit-DB
EPSS 3% CVSS 9.8
CRITICAL Act Now

EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection Ecs Imaging
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy