Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-0545 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability classified as problematic was found in CodeCanyon RISE Rise Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250714 is the identifier assigned to this vulnerability. | |||||
CVE-2017-17999 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to execute arbitrary SQL commands via the search parameter to index.php/knowledge_base/get_article_suggestion/. | |||||
CVE-2017-11182 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable. | |||||
CVE-2017-11181 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Subject and Message fields are vulnerable. | |||||
CVE-2024-8945 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2024-09-25 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability has been found in CodeCanyon RISE Ultimate Project Manager 3.7.0 and classified as critical. This vulnerability affects unknown code of the file /index.php/dashboard/save. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. |