Skip to main content

Letterbox

2 CVEs product

Monthly

CVE-2015-1587 HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.2%.

PHP File Upload Gec Ged Letterbox
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
79.2%
Threat
5.4
CVE-2014-8995 MEDIUM POC This Month

SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Letterbox
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
1.3%
EPSS 79% 5.4 CVSS 7.5
HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.2%.

PHP File Upload Gec Ged +1
NVD Exploit-DB
EPSS 1% CVSS 5.0
MEDIUM POC This Month

SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Letterbox
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy