Travianz_project Travianz
4 CVEs affecting Travianz_project Travianz. Latest disclosed: 2023-07-07. Critical: 2, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-36994 | Critical | 9.8 | 2023-07-07 | In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code. |
CVE-2023-36993 | Critical | 9.8 | 2023-07-07 | The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the pa… |
CVE-2023-36992 | High | 7.2 | 2023-07-07 | PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code. |
CVE-2023-36995 | Medium | 6.1 | 2023-07-06 | TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, or the COOKUSR cookie. |