Vulnerabilities for 'E-sic'

2017-10-23
 
CVE-2017-15381

CWE-89
 

 
SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script).

 
 
CVE-2017-15380

CWE-79
 

 
XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester's registration area) via the nome parameter.

 
 
CVE-2017-15379

CWE-89
 

 
An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password.

 
 
CVE-2017-15378

CWE-89
 

 
SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI).

 
2017-10-16
 
CVE-2017-15373

 

 
E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area).

 


Copyright 2024, cxsecurity.com

 
