CVE-2025-36846
- EPSS 55.33%
- Veröffentlicht 21.07.2025 00:00:00
- Zuletzt bearbeitet 12.09.2025 17:58:47
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /_internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed...
CVE-2025-36845
- EPSS 4.46%
- Veröffentlicht 21.07.2025 00:00:00
- Zuletzt bearbeitet 12.09.2025 18:09:34
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /_internal/redirect.php allows for Server-Side Request Forgery (SSRF). The endpoint takes a URL as input, sends a request to this address, and reflects the content in the respo...
- EPSS 1.3%
- Veröffentlicht 15.07.2022 06:15:09
- Zuletzt bearbeitet 21.11.2024 07:00:57
A vulnerability was found in URVE Web Manager. It has been declared as critical. This vulnerability affects unknown code of the file _internal/collector/upload.php. The manipulation leads to unrestricted upload. Access to the local network is require...
- EPSS 0.23%
- Veröffentlicht 15.07.2022 06:15:09
- Zuletzt bearbeitet 21.11.2024 07:00:57
A vulnerability was found in URVE Web Manager. It has been rated as critical. This issue affects some unknown processing of the file _internal/uploader.php. The manipulation leads to unrestricted upload. The attack needs to be approached within the l...
- EPSS 0.28%
- Veröffentlicht 15.07.2022 06:15:07
- Zuletzt bearbeitet 21.11.2024 07:00:57
A vulnerability was found in URVE Web Manager. It has been classified as critical. This affects an unknown part of the file kreator.html5/img_upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this ...