Zucchetti

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-18204 1Zucchetti 1Infobusiness Nov 21, 2024 Oct 30, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Zucchetti InfoBusiness before and including 4.4.1 allows any authenticated user to upload .php files in order to achieve code execution.
CVE-2019-10257 1Zucchetti 1Hr Portal Nov 21, 2024 Jun 19, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Zucchetti HR Portal through 2019-03-15 allows Directory Traversal. Unauthenticated users can escape outside of the restricted location (dot-dot-slash notation) to access files or directories that are elsewhere on the sys...Show more Zucchetti HR Portal through 2019-03-15 allows Directory Traversal. Unauthenticated users can escape outside of the restricted location (dot-dot-slash notation) to access files or directories that are elsewhere on the system. Through this vulnerability it is possible to read the application's java sources from /WEB-INF/classes/*.classShow less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2019-18204

1Zucchetti

1Infobusiness

Nov 21, 2024

Oct 30, 2019

N/A· v4

8.8 HIGH· v3

6.5 MEDIUM· v2

Zucchetti InfoBusiness before and including 4.4.1 allows any authenticated user to upload .php files in order to achieve code execution.

CVE-2019-10257

1Zucchetti

1Hr Portal

Nov 21, 2024

Jun 19, 2019

N/A· v4

7.5 HIGH· v3

5.0 MEDIUM· v2

Zucchetti HR Portal through 2019-03-15 allows Directory Traversal. Unauthenticated users can escape outside of the restricted location (dot-dot-slash notation) to access files or directories that are elsewhere on the system. Through this vulnerability it is possible to read the application's java sources from /WEB-INF/classes/*.classShow less

Previous 12