Skip to main content

Sambabox

3 CVEs product

Monthly

CVE-2026-3120 HIGH PATCH This Week

Remote code execution in SambaBox 5.1-5.2 allows authenticated administrators to inject and execute arbitrary OS commands through improper input sanitization. Attackers with high-privilege access can achieve full system compromise with confidentiality, integrity, and availability impact. Reported by Turkish national CERT (TR-CERT/USOM), no CISA KEV listing or public exploit code identified at time of analysis, indicating limited observed exploitation activity.

RCE Command Injection Code Injection Sambabox
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2022-25620 CRITICAL Act Now

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause execute. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sambabox
NVD
CVSS 3.1
9.0
EPSS
0.4%
CVE-2022-25619 MEDIUM This Month

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in ping tool of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause run arbitrary. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Sambabox
NVD
CVSS 3.1
6.7
EPSS
0.3%
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Remote code execution in SambaBox 5.1-5.2 allows authenticated administrators to inject and execute arbitrary OS commands through improper input sanitization. Attackers with high-privilege access can achieve full system compromise with confidentiality, integrity, and availability impact. Reported by Turkish national CERT (TR-CERT/USOM), no CISA KEV listing or public exploit code identified at time of analysis, indicating limited observed exploitation activity.

RCE Command Injection Code Injection +1
NVD VulDB
EPSS 0% CVSS 9.0
CRITICAL Act Now

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause execute. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sambabox
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in ping tool of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause run arbitrary. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Sambabox
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy