Security Vulnerabilities
A security flaw has been discovered in SourceCodester Interview Management System 1.0. Affected is an unknown function of the file /editQuestion.php. The manipulation of the argument Question results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
CVSS Score
3.5
EPSS Score
0.0
Published
2025-11-18
A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution.
CVSS Score
8.8
EPSS Score
0.002
Published
2025-11-18
A low privileged remote attacker can upload a new or overwrite an existing python script by using a path traversal of the target filename in php resulting in a remote code execution.
CVSS Score
8.8
EPSS Score
0.003
Published
2025-11-18
Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-18
Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'webshell' by sending a POST request to '/WinplusPortal/ws/sWinplus.svc/json/uploadfile'.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-11-18
The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-11-18
An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-11-18
Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows another user to be impersonated simply by knowing their 'numerical ID', meaning that an attacker could compromise another user's account, thereby affecting the confidentiality, integrity, and availability of the data stored in the application.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-11-18
A missing validation process exists in Serv U when abused, could give a malicious actor with access to admin privileges the ability to execute code.
This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.
CVSS Score
9.1
EPSS Score
0.0
Published
2025-11-18
A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory.
This issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences in how paths and home directories are handled.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-11-18