Skip to main content

Sitos Six

6 CVEs product

Monthly

CVE-2019-15751 CRITICAL Act Now

An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload RCE Sitos Six
NVD
CVSS 3.1
9.8
EPSS
4.5%
CVE-2019-15750 MEDIUM This Month

A Cross-Site Scripting (XSS) vulnerability in the blog function in SITOS six Build v6.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sitos Six
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-15749 MEDIUM This Month

SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sitos Six
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-15748 CRITICAL Act Now

SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Sitos Six
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2019-15747 HIGH This Week

SITOS six Build v6.2.1 allows a user with the user role of Seminar Coordinator to escalate their permission to the Systemadministrator role due to insufficient checks on the server side. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Sitos Six
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-15746 CRITICAL Act Now

SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection Sitos Six
NVD
CVSS 3.1
9.8
EPSS
1.9%
EPSS 4% CVSS 9.8
CRITICAL Act Now

An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload RCE +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A Cross-Site Scripting (XSS) vulnerability in the blog function in SITOS six Build v6.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sitos Six
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sitos Six
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Sitos Six
NVD
EPSS 1% CVSS 8.8
HIGH This Week

SITOS six Build v6.2.1 allows a user with the user role of Seminar Coordinator to escalate their permission to the Systemadministrator role due to insufficient checks on the server side. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Sitos Six
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection Sitos Six
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy