Vulnerabilities > Formosasoft

DATE	CVE	VULNERABILITY TITLE	RISK
2024-10-15	CVE-2024-9980	SQL Injection vulnerability in Formosasoft Ee-Class The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify and delete database contents. network low complexity formosasoft CWE-89	8.8
2024-10-15	CVE-2024-9981	Unrestricted Upload of File with Dangerous Type vulnerability in Formosasoft Ee-Class The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulnerability to include the file, resulting in arbitrary code execution on the server. network low complexity formosasoft CWE-434	8.8

Vulnerabilities > Formosasoft {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Formosasoft"}]}