Ovidentia: >> Ovidentia >> 6.6.5 Security Vulnerabilities
Ovidentia CMS 6.x contains a SQL injection vulnerability in the "id" parameter of index.php. The "checkbox" property into "text" data can be extracted and displayed in the text region or in source code.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-03-30
Ovidentia version 8.4.3 and earlier contains a Unsanitized User Input vulnerability in utilit.php, bab_getAddonFilePathfromTg that can result in Authenticated Remote Code Execution. This attack appear to be exploitable via The attacker must have permission to upload addons.
CVSS Score
8.8
EPSS Score
0.028
Published
2018-07-09
SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the item parameter in a contact modify action.
CVSS Score
6.5
EPSS Score
0.005
Published
2008-10-03
Cross-site scripting (XSS) vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter in a search action.
CVSS Score
4.3
EPSS Score
0.018
Published
2008-09-04
SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the field parameter in a search action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
7.5
EPSS Score
0.001
Published
2008-09-04