CVE-2021-3834
- EPSS 0.25%
- Veröffentlicht 07.10.2021 16:15:09
- Zuletzt bearbeitet 21.11.2024 06:22:34
Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS).
CVE-2021-3833
- EPSS 0.61%
- Veröffentlicht 07.10.2021 16:15:08
- Zuletzt bearbeitet 21.11.2024 06:22:34
Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to ...
CVE-2021-3832
- EPSS 1.59%
- Veröffentlicht 07.10.2021 14:15:08
- Zuletzt bearbeitet 21.11.2024 06:22:34
Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability.
CVE-2019-15091
- EPSS 0.43%
- Veröffentlicht 16.08.2019 13:15:11
- Zuletzt bearbeitet 21.11.2024 04:28:02
filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload.
CVE-2018-1000812
- EPSS 0.66%
- Veröffentlicht 20.12.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:40:24
Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result ...
CVE-2018-19829
- EPSS 0.32%
- Veröffentlicht 18.12.2018 22:29:05
- Zuletzt bearbeitet 21.11.2024 03:58:38
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.
CVE-2018-19828
- EPSS 0.65%
- Veröffentlicht 17.12.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:58:38
Artica Integria IMS 5.0.83 has XSS via the search_string parameter.