Ovidentia: >> Ovidentia >> 6.0.0 Security Vulnerabilities
An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to to view and download content in the upload directory via path traversal.
CVSS Score
7.5
EPSS Score
0.008
Published
2022-02-17
Ovidentia CMS 6.x contains a SQL injection vulnerability in the "id" parameter of index.php. The "checkbox" property into "text" data can be extracted and displayed in the text region or in source code.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-03-30
Ovidentia version 8.4.3 and earlier contains a Unsanitized User Input vulnerability in utilit.php, bab_getAddonFilePathfromTg that can result in Authenticated Remote Code Execution. This attack appear to be exploitable via The attacker must have permission to upload addons.
CVSS Score
8.8
EPSS Score
0.028
Published
2018-07-09