Vice Webopac
8 CVEs affecting Vice Webopac. Latest disclosed: 2024-11-11. Critical: 3, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-11020 | Critical | 9.8 | 2024-11-11 | Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and d… |
CVE-2024-11018 | Critical | 9.8 | 2024-11-11 | Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which c… |
CVE-2024-11016 | Critical | 9.8 | 2024-11-11 | Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and d… |
CVE-2024-11017 | High | 8.8 | 2024-11-11 | Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells… |
CVE-2021-42839 | High | 8.8 | 2021-11-15 | Grand Vice info Co. webopac7 file upload function fails to filter special characters. While logging in with general user’s permission, remote attackers can upl… |
CVE-2024-11019 | Medium | 6.1 | 2024-11-11 | Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code… |
CVE-2021-42838 | Medium | 6.1 | 2021-11-15 | Grand Vice info Co. webopac7 book search field parameter does not properly restrict the input of special characters, thus unauthenticated attackers can inject… |
CVE-2024-11021 | Medium | 5.4 | 2024-11-11 | Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into… |