Vulnerabilities (CVE)

Filtered by vendor Opendesa Subscribe
Filtered by product Opensid
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-13040 1 Opendesa 1 Opensid 2024-02-28 6.8 MEDIUM 8.8 HIGH
OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account (at the admin level) via the index.php/man_user/insert URI.
CVE-2018-13039 1 Opendesa 1 Opensid 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
OpenSID 18.06-pasca has reflected Cross Site Scripting (XSS) via the cari parameter, aka an index.php/first?cari= URI.
CVE-2018-13038 1 Opendesa 1 Opensid 2024-02-28 7.5 HIGH 9.8 CRITICAL
OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with the application/pdf Content-Type.