Overit

Geocall

6 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2022-22834

Exploit
  • EPSS 4.24%
  • Veröffentlicht 10.03.2022 17:45:41
  • Zuletzt bearbeitet 21.11.2024 06:47:32

An issue was discovered in OverIT Geocall before 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XSLT Injection vulnerability. Attackers could exploit this issue to achieve remote code execution.

6.5

CVE-2022-22835

Exploit
  • EPSS 0.35%
  • Veröffentlicht 10.03.2022 17:45:41
  • Zuletzt bearbeitet 21.11.2024 06:47:33

An issue was discovered in OverIT Geocall before version 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XXE vulnerability to read arbitrary files from the filesystem.

6.1

CVE-2019-5888

  • EPSS 0.33%
  • Veröffentlicht 01.04.2019 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:45:42

Multiple XSS vulnerabilities were discovered in OverIT Geocall 6.3 before build 2:346977.

7.5

CVE-2019-5889

  • EPSS 1.15%
  • Veröffentlicht 01.04.2019 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:45:42

An log-management directory traversal issue was discovered in OverIT Geocall 6.3 before build 2:346977.

9

CVE-2019-5890

  • EPSS 0.45%
  • Veröffentlicht 01.04.2019 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:45:43

An issue was discovered in OverIT Geocall 6.3 before build 2:346977. Weak authentication and session management allows an authenticated user to obtain access to the Administrative control panel and execute administrative functions.

9.8

CVE-2019-5891

  • EPSS 0.66%
  • Veröffentlicht 01.04.2019 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:45:43

An issue was discovered in OverIT Geocall 6.3 before build 2:346977. An unauthenticated servlet allows an attacker to obtain a cookie of an authenticated user, and login to the web application.