Indexhibit: >> Indexhibit >> 2.1.5 Security Vulnerabilities
A configuration issue in Indexhibit 2.1.5 allows authenticated attackers to modify .php files, leading to getshell.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-08-30
A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily delete admin accounts.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-08-30
A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords.
CVSS Score
5.7
EPSS Score
0.001
Published
2021-08-30
A reflected cross-site scripting (XSS) vulnerability in the /plugin/ajax.php component of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-08-30
Multiple stored cross-site scripting (XSS) vulnerabilities in the Sections module of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-08-30
An issue in the /config/config.php component of Indexhibit 2.1.5 allows attackers to arbitrarily view files.
CVSS Score
6.5
EPSS Score
0.004
Published
2021-08-30
Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2.
CVSS Score
9.8
EPSS Score
0.5
Published
2019-09-14
In Indexhibit 2.1.5, remote attackers can execute arbitrary code via the v parameter (in conjunction with the id parameter) in a upd_jxcode=true action to the ndxzstudio/?a=system URI.
CVSS Score
8.8
EPSS Score
0.022
Published
2019-02-20