Skip to main content

Ocomon

5 CVEs product

Monthly

CVE-2023-33559 HIGH This Week

A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Ocomon
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-33558 HIGH PATCH This Week

An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure PHP Ocomon
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-40798 HIGH POC This Week

OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ocomon
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-41391 CRITICAL POC Act Now

OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ocomon
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-41390 CRITICAL POC Act Now

OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ocomon
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
EPSS 1% CVSS 8.8
HIGH This Week

A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Ocomon
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure PHP Ocomon
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ocomon
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ocomon
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ocomon
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy