← Back

Sitos

sitos

6 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Sitos Six
sitos_six
6 CVEs

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-15751
1Sitos
1Sitos Six
Nov 21, 2024
Oct 7, 2019
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenticated attacker to upl...Show more
An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to the web root of the application.Show less
CVE-2019-15750
1Sitos
1Sitos Six
Nov 21, 2024
Oct 7, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A Cross-Site Scripting (XSS) vulnerability in the blog function in SITOS six Build v6.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2019-15749
1Sitos
1Sitos Six
Nov 21, 2024
Oct 7, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access to the victim's acco...Show more
SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access to the victim's account (e.g., via XSS or an unattended workstation) to change that password and address.Show less
CVE-2019-15748
1Sitos
1Sitos Six
Nov 21, 2024
Oct 7, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. An unauthenticated attacker could use the upload and import functionality to import a ma...Show more
SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. An unauthenticated attacker could use the upload and import functionality to import a malicious SCORM package that includes a PHP file, which could execute arbitrary PHP code.Show less
CVE-2019-15747
1Sitos
1Sitos Six
Nov 21, 2024
Oct 7, 2019
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
SITOS six Build v6.2.1 allows a user with the user role of Seminar Coordinator to escalate their permission to the Systemadministrator role due to insufficient checks on the server side.
CVE-2019-15746
1Sitos
1Sitos Six
Nov 21, 2024
Oct 7, 2019
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user.