Ovidentia: >> Ovidentia >> 8.4.3 Security Vulnerabilities
index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=.
CVSS Score
5.4
EPSS Score
0.004
Published
2019-07-19
Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-07-19
Ovidentia version 8.4.3 and earlier contains a Unsanitized User Input vulnerability in utilit.php, bab_getAddonFilePathfromTg that can result in Authenticated Remote Code Execution. This attack appear to be exploitable via The attacker must have permission to upload addons.
CVSS Score
8.8
EPSS Score
0.028
Published
2018-07-09