Vulnerabilities > Gogogate

DATE CVE VULNERABILITY TITLE RISK
2020-09-24 CVE-2020-13119 Improper Restriction of Rendered UI Layers or Frames vulnerability in Gogogate Ismartgate PRO Firmware 1.5.9
ismartgate PRO 1.5.9 is vulnerable to clickjacking.
network
gogogate CWE-1021
4.3
4.3
2020-09-24 CVE-2020-12843 Unrestricted Upload of File with Dangerous Type vulnerability in Gogogate Ismartgate PRO Firmware 1.5.9
ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors.
network
low complexity
gogogate CWE-434
7.5
7.5
2020-09-24 CVE-2020-12842 Code Injection vulnerability in Gogogate Ismartgate PRO Firmware 1.5.9
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php.
network
low complexity
gogogate CWE-94
7.5
7.5
2020-09-24 CVE-2020-12841 Cross-Site Request Forgery (CSRF) vulnerability in Gogogate Ismartgate PRO Firmware 1.5.9
ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload imae files via /index.php
network
gogogate CWE-352
4.3
4.3
2020-09-24 CVE-2020-12840 Cross-Site Request Forgery (CSRF) vulnerability in Gogogate Ismartgate PRO Firmware 1.5.9
ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /index.php
network
gogogate CWE-352
4.3
4.3
2020-09-24 CVE-2020-12839 Code Injection vulnerability in Gogogate Ismartgate PRO Firmware 1.5.9
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php.
network
low complexity
gogogate CWE-94
7.5
7.5
2020-09-24 CVE-2020-12838 Code Injection vulnerability in Gogogate Ismartgate PRO Firmware 1.5.9
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.php.
network
low complexity
gogogate CWE-94
7.5
7.5
2020-09-24 CVE-2020-12837 Unrestricted Upload of File with Dangerous Type vulnerability in Gogogate Ismartgate PRO Firmware 1.5.9
ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors.
network
low complexity
gogogate CWE-434
5.0
5.0
2020-09-24 CVE-2020-12282 Cross-Site Request Forgery (CSRF) vulnerability in Gogogate Ismartgate PRO Firmware 1.5.9
iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php.
network
gogogate CWE-352
6.8
6.8
2020-09-24 CVE-2020-12281 Cross-Site Request Forgery (CSRF) vulnerability in Gogogate Ismartgate PRO Firmware 1.5.9
iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to create a new user via /index.php.
network
gogogate CWE-352
4.3
4.3