← Back

Kostasmitroglou

kostasmitroglou

4 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Password Management Application
password_management_application
2 CVEs
Thesystem
thesystem
2 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-25441
1Kostasmitroglou
1Thesystem
Mar 12, 2026
Feb 20, 2026
9.3 CRITICAL· v4
9.8 CRITICAL· v3
N/A· v2
thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the run_command endpoint. Attackers can send POST reque...Show more
thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the run_command endpoint. Attackers can send POST requests with shell commands in the command parameter to execute arbitrary code on the server without authentication.Show less
CVE-2019-25347
1Kostasmitroglou
1Password Management Application
Mar 2, 2026
Feb 12, 2026
7.1 HIGH· v4
7.5 HIGH· v3
N/A· v2
thesystem App 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the username parameter. Attackers can inject malicious SQL code like ' or '1=1 to the username field...Show more
thesystem App 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the username parameter. Attackers can inject malicious SQL code like ' or '1=1 to the username field to gain unauthorized access to user accounts.Show less
CVE-2019-25346
1Kostasmitroglou
1Password Management Application
Mar 2, 2026
Feb 12, 2026
7.1 HIGH· v4
7.5 HIGH· v3
N/A· v2
TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'server_name' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthor...Show more
TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'server_name' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information.Show less
CVE-2019-25311
1Kostasmitroglou
1Thesystem
Mar 12, 2026
Feb 11, 2026
5.1 MEDIUM· v4
5.4 MEDIUM· v3
N/A· v2
thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in...Show more
thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operating_system, system_owner, system_username, system_password, system_description, and server_name parameters to execute arbitrary JavaScript in victim browsers.Show less