Skip to main content

Isweb

3 CVEs product

Monthly

CVE-2018-14957 CRITICAL POC Act Now

CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggetto_documenti/../.././inc/config.php (one can take the control of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Isweb
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-14956 CRITICAL POC Act Now

CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Isweb
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-15562 MEDIUM POC This Month

CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or oggettiRicerca parameter to index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Isweb
NVD
CVSS 3.0
6.1
EPSS
1.0%
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggetto_documenti/../.././inc/config.php (one can take the control of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Isweb
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Isweb
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or oggettiRicerca parameter to index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Isweb
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy