Vfairs

Vfairs

4 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2020-26677

  • EPSS 0.54%
  • Veröffentlicht 26.05.2021 12:15:15
  • Zuletzt bearbeitet 21.11.2024 05:20:14

Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API.

8.8

CVE-2020-26678

  • EPSS 2.95%
  • Veröffentlicht 26.05.2021 12:15:15
  • Zuletzt bearbeitet 21.11.2024 05:20:14

vFairs 3.3 is affected by Remote Code Execution. Any user logged in to a vFairs virtual conference or event can abuse the functionality to upload a profile picture in order to place a malicious PHP file on the server and gain code execution.

4.3

CVE-2020-26679

  • EPSS 0.14%
  • Veröffentlicht 26.05.2021 12:15:15
  • Zuletzt bearbeitet 21.11.2024 05:20:14

vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any other users profile information or profile picture. After receiving any user's unique identification number and their own, an HT...

5.4

CVE-2020-26680

  • EPSS 0.3%
  • Veröffentlicht 26.05.2021 12:15:15
  • Zuletzt bearbeitet 21.11.2024 05:20:14

In vFairs 3.3, any user logged in to a vFairs virtual conference or event can modify any other users profile information to include a cross-site scripting payload. The user data stored by the database includes HTML tags that are intentionally rendere...