Vulnerabilities (CVE)

Filtered by vendor Ovidentia Subscribe
Filtered by product Ovidentia
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-22914 1 Ovidentia 1 Ovidentia 2024-02-28 5.0 MEDIUM 7.5 HIGH
An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to to view and download content in the upload directory via path traversal.
CVE-2021-29343 1 Ovidentia 1 Ovidentia 2024-02-28 5.5 MEDIUM 5.4 MEDIUM
Ovidentia CMS 6.x contains a SQL injection vulnerability in the "id" parameter of index.php. The "checkbox" property into "text" data can be extracted and displayed in the text region or in source code.
CVE-2019-13978 1 Ovidentia 1 Ovidentia 2024-02-28 6.5 MEDIUM 8.8 HIGH
Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request.
CVE-2019-13977 1 Ovidentia 1 Ovidentia 2024-02-28 3.5 LOW 5.4 MEDIUM
index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=.
CVE-2018-1000619 1 Ovidentia 1 Ovidentia 2024-02-28 6.5 MEDIUM 8.8 HIGH
Ovidentia version 8.4.3 and earlier contains a Unsanitized User Input vulnerability in utilit.php, bab_getAddonFilePathfromTg that can result in Authenticated Remote Code Execution. This attack appear to be exploitable via The attacker must have permission to upload addons.
CVE-2008-3918 1 Ovidentia 1 Ovidentia 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the field parameter in a search action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4423 1 Ovidentia 1 Ovidentia 2024-02-28 6.5 MEDIUM N/A
SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the item parameter in a contact modify action.
CVE-2008-3917 1 Ovidentia 1 Ovidentia 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter in a search action.