Skip to main content

Gpweb

3 CVEs product

Monthly

CVE-2017-15877 CRITICAL POC Act Now

Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Gpweb
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-15876 HIGH POC This Week

Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Gpweb
NVD
CVSS 3.0
7.2
EPSS
1.1%
CVE-2017-15875 CRITICAL POC Act Now

SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Gpweb
NVD
CVSS 3.0
9.8
EPSS
0.5%
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Gpweb
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Gpweb
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Gpweb
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy