Travianz_project Travianz

4 CVEs affecting Travianz_project Travianz. Latest disclosed: 2023-07-07. Critical: 2, High: 1.

Top CVEs affecting Travianz_project Travianz
CVESeverityScorePublishedSummary
CVE-2023-36994Critical9.82023-07-07In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code.
CVE-2023-36993Critical9.82023-07-07The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the pa…
CVE-2023-36992High7.22023-07-07PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code.
CVE-2023-36995Medium6.12023-07-06TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, or the COOKUSR cookie.