Filtered by vendor Openbi Project
Subscribe
Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-1035 | 1 Openbi Project | 1 Openbi | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function uploadIcon of the file /application/index/controller/Icon.php. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252310 is the identifier assigned to this vulnerability. | |||||
CVE-2024-1034 | 1 Openbi Project | 1 Openbi | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadFile of the file /application/index/controller/File.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252309 was assigned to this vulnerability. | |||||
CVE-2024-1033 | 1 Openbi Project | 1 Openbi | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
A vulnerability, which was classified as problematic, has been found in openBI up to 1.0.8. Affected by this issue is the function agent of the file /application/index/controller/Datament.php. The manipulation of the argument api leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252308. | |||||
CVE-2024-1032 | 1 Openbi Project | 1 Openbi | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
A vulnerability classified as critical was found in openBI up to 1.0.8. Affected by this vulnerability is the function testConnection of the file /application/index/controller/Databasesource.php of the component Test Connection Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252307. |