Gpweb

gpweb

Vendor: Sistemagpweb • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-15877 1Sistemagpweb 1Gpweb May 13, 2026 Dec 19, 2017 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database.
CVE-2017-15876 1Sistemagpweb 1Gpweb May 13, 2026 Dec 19, 2017 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell.
CVE-2017-15875 1Sistemagpweb 1Gpweb May 13, 2026 Dec 19, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter.