Cipplanner: >> Cipace >> 6.80 Security Vulnerabilities
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request and inject SQL statements in the user context of the db owner.
CVSS Score
9.8
EPSS Score
0.024
Published
2020-04-06
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by uploading and executing an ASHX file.
CVSS Score
9.8
EPSS Score
0.032
Published
2020-04-06
An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. GetDistributedPOP3 allows attackers to obtain the username and password of the SMTP user.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-04-06
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to two files that contain customer data and application paths.
CVSS Score
5.3
EPSS Score
0.009
Published
2020-04-06
Page 2