← Back

White Shark Systems Project

white_shark_systems_project

9 CVEs • 1 product

Products (1)

Click to collapse
Toggle
White Shark Systems
white_shark_systems
9 CVEs

CVEs (9)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-20474
1White Shark Systems Project
1White Shark Systems
Nov 21, 2024
Jun 21, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the default_task_edituser.php files failing to filter the csa_to_user parameter. Remote attackers can exploit the vulnerabili...Show more
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the default_task_edituser.php files failing to filter the csa_to_user parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information.Show less
CVE-2020-20473
1White Shark Systems Project
1White Shark Systems
Nov 21, 2024
Jun 21, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the control_task.php, control_project.php, default_user.php files failing to filter the sort parameter. Remote attackers can...Show more
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the control_task.php, control_project.php, default_user.php files failing to filter the sort parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information.Show less
CVE-2020-20472
1White Shark Systems Project
1White Shark Systems
Nov 21, 2024
Jun 21, 2021
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
White Shark System (WSS) 1.3.2 has a sensitive information disclosure vulnerability. The if_get_addbook.php file does not have an authentication operation. Remote attackers can obtain username information for all users o...Show more
White Shark System (WSS) 1.3.2 has a sensitive information disclosure vulnerability. The if_get_addbook.php file does not have an authentication operation. Remote attackers can obtain username information for all users of the current site.Show less
CVE-2020-20471
1White Shark Systems Project
1White Shark Systems
Nov 21, 2024
Jun 21, 2021
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
White Shark System (WSS) 1.3.2 has an unauthorized access vulnerability in default_user_edit.php, remote attackers can exploit this vulnerability to escalate to admin privileges.
CVE-2020-20470
1White Shark Systems Project
1White Shark Systems
Nov 21, 2024
Jun 21, 2021
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
White Shark System (WSS) 1.3.2 has web site physical path leakage vulnerability.
CVE-2020-20469
1White Shark Systems Project
1White Shark Systems
Nov 21, 2024
Jun 21, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the log_edit.php files failing to filter the csa_to_user parameter, remote attackers can exploit the vulnerability to obtain...Show more
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the log_edit.php files failing to filter the csa_to_user parameter, remote attackers can exploit the vulnerability to obtain database sensitive information.Show less
CVE-2020-20468
1White Shark Systems Project
1White Shark Systems
Nov 21, 2024
Jun 21, 2021
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
White Shark System (WSS) 1.3.2 is vulnerable to CSRF. Attackers can use the user_edit_password.php file to modify the user password.
CVE-2020-20467
1White Shark Systems Project
1White Shark Systems
Nov 21, 2024
Jun 21, 2021
N/A· v4
6.5 MEDIUM· v3
6.4 MEDIUM· v2
White Shark System (WSS) 1.3.2 is vulnerable to sensitive information disclosure via default_task_add.php, remote attackers can exploit the vulnerability to create a task.
CVE-2020-20466
1White Shark Systems Project
1White Shark Systems
Nov 21, 2024
Jun 21, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php, remote attackers can modify the password of any user.