Artica: >> Integria Ims >> 5.0.92 Security Vulnerabilities
Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS).
CVSS Score
5.4
EPSS Score
0.003
Published
2021-10-07
Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.
CVSS Score
9.8
EPSS Score
0.006
Published
2021-10-07
Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability.
CVSS Score
9.8
EPSS Score
0.016
Published
2021-10-07