RSS   Podatności dla
'Techno - portfolio management panel'
   RSS

2017-12-15
 
CVE-2017-17696

CWE-200
 

 
Techno - Portfolio Management Panel through 2017-11-16 allows full path disclosure via an invalid s parameter to panel/search.php.

 
 
CVE-2017-17695

CWE-89
 

 
Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter.

 
 
CVE-2017-17694

CWE-79
 

 
Techno - Portfolio Management Panel through 2017-11-16 allows XSS via the panel/search.php s parameter.

 
 
CVE-2017-17693

CWE-862
 

 
Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback.

 
2017-12-11
 
CVE-2017-17110

CWE-89
 

 
Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request.

 


Copyright 2024, cxsecurity.com

 

Back to Top