Skip to main content

Ovidentia

5 CVEs product

Monthly

CVE-2022-22914 HIGH POC This Week

An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to to view and download content in the upload directory via path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ovidentia
NVD VulDB
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-29343 MEDIUM POC This Month

Ovidentia CMS 6.x contains a SQL injection vulnerability in the "id" parameter of index.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ovidentia
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-13978 HIGH POC This Week

Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ovidentia
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-13977 MEDIUM POC This Month

index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ovidentia
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
1.5%
CVE-2018-1000619 HIGH This Week

Ovidentia version 8.4.3 and earlier contains a Unsanitized User Input vulnerability in utilit.php, bab_getAddonFilePathfromTg that can result in Authenticated Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE PHP Ovidentia
NVD
CVSS 3.0
8.8
EPSS
2.3%
EPSS 1% CVSS 7.5
HIGH POC This Week

An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to to view and download content in the upload directory via path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ovidentia
NVD VulDB
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Ovidentia CMS 6.x contains a SQL injection vulnerability in the "id" parameter of index.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ovidentia
NVD Exploit-DB
EPSS 1% CVSS 8.8
HIGH POC This Week

Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ovidentia
NVD GitHub
EPSS 2% CVSS 5.4
MEDIUM POC This Month

index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ovidentia
NVD GitHub Exploit-DB
EPSS 2% CVSS 8.8
HIGH This Week

Ovidentia version 8.4.3 and earlier contains a Unsanitized User Input vulnerability in utilit.php, bab_getAddonFilePathfromTg that can result in Authenticated Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE PHP +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy