Vulnerabilities > Grupposcai > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-08-31 CVE-2023-41636 SQL Injection vulnerability in Grupposcai Realgimm 1.1.37
A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows attackers to access the database and execute arbitrary commands via a crafted SQL query.
network
low complexity
grupposcai CWE-89
critical
 9.8
9.8
2023-08-31 CVE-2023-41637 Unrestricted Upload of File with Dangerous Type vulnerability in Grupposcai Realgimm 1.1.37
An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file.
network
low complexity
grupposcai CWE-434
critical
 9.8
9.8