Bigantsoft: Security Vulnerabilities
BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the "Cloud Storage Addin," leading to unauthenticated code execution.
CVSS Score: 9.8; EPSS Score: 0.256; Published: 2025-02-04
BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection via the 'dev_code' parameter.
CVSS Score: 6.3; EPSS Score: 0.004; Published: 2025-01-09
An Access Control vulnerability exists in BigAntSoft BigAnt office messenger 5.6 via im_webserver, which could let a malicious user upload PHP Trojan files.
CVSS Score: 8.8; EPSS Score: 0.004; Published: 2022-04-07
BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue.
CVSS Score: 7.5; EPSS Score: 0.002; Published: 2022-04-05
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control.
CVSS Score: 7.5; EPSS Score: 0.007; Published: 2022-03-21
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues.
CVSS Score: 8.8; EPSS Score: 0.007; Published: 2022-03-21
BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks.
CVSS Score: 7.5; EPSS Score: 0.723; Published: 2022-03-21
BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes.
CVSS Score: 5.3; EPSS Score: 0.008; Published: 2022-03-21
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF).
CVSS Score: 8.8; EPSS Score: 0.002; Published: 2022-03-21
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability.
CVSS Score: 5.4; EPSS Score: 0.005; Published: 2022-03-21

