Verydows: Security Vulnerabilities
Verydows v2.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /protected/controller/backend/role_controller
CVSS Score
8.8
EPSS Score
0.001
Published
2024-01-12
Cross Site Request Forgery (CSRF) vulnerability found in Verytops Verydows all versions that allows an attacker to execute arbitrary code via a crafted script.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-05-09
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\file_controller.php.
CVSS Score
8.1
EPSS Score
0.006
Published
2022-04-26
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\database_controller.php.
CVSS Score
8.1
EPSS Score
0.006
Published
2022-04-26
Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=index[XSS] value.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-02-16
Verydows 2.0 has XSS via the index.php?m=api&c=stats&a=count referrer parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-02-12
A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-02-11