Skip to main content

Minical

5 CVEs product

Monthly

CVE-2023-46478 HIGH POC This Week

An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the customer_data parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Minical
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-3307 HIGH POC This Week

A vulnerability was found in miniCal 1.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Minical
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-33410 HIGH POC This Week

Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Minical
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-33409 MEDIUM POC This Month

Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Minical
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-33408 MEDIUM POC This Month

Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Minical
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the customer_data parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Minical
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability was found in miniCal 1.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Minical
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Minical
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Minical
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Minical
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy