← Back

Travianz

travianz

Vendor: Travianz Project • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-36994
1Travianz Project
1Travianz
Nov 21, 2024
Jul 7, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code.
CVE-2023-36993
1Travianz Project
1Travianz
Nov 21, 2024
Jul 7, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the password reset.parameters and to take over accounts.
CVE-2023-36992
1Travianz Project
1Travianz
Nov 21, 2024
Jul 7, 2023
N/A· v4
7.2 HIGH· v3
N/A· v2
PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code.
CVE-2023-36995
1Travianz Project
1Travianz
Nov 21, 2024
Jul 6, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, or the COOKUSR cookie.