Skip to main content

Offsite Dr

4 CVEs product

Monthly

CVE-2021-26474 HIGH This Week

Various Vembu products allow an attacker to execute a (non-blind) http-only Cross Site Request Forgery (Other products or versions of products in this family may be affected too.). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Bdr Suite Offsite Dr
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-26473 CRITICAL Act Now

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Bdr Suite Offsite Dr
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-26472 CRITICAL Act Now

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft PHP Command Injection Bdr Suite Offsite Dr
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-26471 CRITICAL Act Now

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebservice_o.php accepts a command argument. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Bdr Suite Offsite Dr
NVD
CVSS 3.1
9.8
EPSS
2.3%
EPSS 1% CVSS 8.8
HIGH This Week

Various Vembu products allow an attacker to execute a (non-blind) http-only Cross Site Request Forgery (Other products or versions of products in this family may be affected too.). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Bdr Suite Offsite Dr
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Bdr Suite +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft PHP Command Injection +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebservice_o.php accepts a command argument. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Bdr Suite +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy