Opendesa

opendesa

3 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-13040 1Opendesa 1Opensid Nov 21, 2024 Jul 1, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account (at the admin level) via the index.php/man_user/insert URI.
CVE-2018-13039 1Opendesa 1Opensid Nov 21, 2024 Jul 1, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 OpenSID 18.06-pasca has reflected Cross Site Scripting (XSS) via the cari parameter, aka an index.php/first?cari= URI.
CVE-2018-13038 1Opendesa 1Opensid Nov 21, 2024 Jul 1, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with the application/pdf C...Show more OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with the application/pdf Content-Type.Show less