Vulnerabilities > Artica > Integria IMS
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-07 | CVE-2021-3833 | Incorrect Comparison vulnerability in Artica Integria IMS 5.0.92 Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. | 9.8 |
| 2021-10-07 | CVE-2021-3834 | Cross-site Scripting vulnerability in Artica Integria IMS 5.0.92 Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. | 6.1 |
| 2021-10-07 | CVE-2021-3832 | Unrestricted Upload of File with Dangerous Type vulnerability in Artica Integria IMS 5.0.92 Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. | 7.5 |
| 2019-08-16 | CVE-2019-15091 | Unrestricted Upload of File with Dangerous Type vulnerability in Artica Integria IMS 5.0.86 filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload. | 7.5 |
| 2018-12-20 | CVE-2018-1000812 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Artica Integria IMS Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user accounts can be taken over. | 4.3 |
| 2018-12-18 | CVE-2018-19829 | Cross-Site Request Forgery (CSRF) vulnerability in Artica Integria IMS 5.0.83 Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known. | 5.8 |
| 2018-12-17 | CVE-2018-19828 | Cross-site Scripting vulnerability in Artica Integria IMS 5.0.83 Artica Integria IMS 5.0.83 has XSS via the search_string parameter. | 4.3 |