Vulnerabilities > Hisiphp

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-04	CVE-2020-28062	Unrestricted Upload of File with Dangerous Type vulnerability in Hisiphp 2.0.11 An Access Control vulnerability exists in HisiPHP 2.0.11 via special packets that are constructed in $files = Dir::getList($decompath. network low complexity hisiphp CWE-434	7.2
2021-06-21	CVE-2020-21130	Cross-site Scripting vulnerability in Hisiphp 2.0.8 Cross Site Scripting (XSS) vulnerability in HisiPHP 2.0.8 via the group name in addgroup.html. network low complexity hisiphp CWE-79	6.1
2019-07-24	CVE-2019-1010193	Cross-site Scripting vulnerability in Hisiphp 1.0.8 hisiphp 1.0.8 is affected by: Cross Site Scripting (XSS). network low complexity hisiphp CWE-79	6.1
2018-10-01	CVE-2018-17827	Code Injection vulnerability in Hisiphp 1.0.8 HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by editing a plugin's name to contain that code. network low complexity hisiphp CWE-94	7.2
2018-10-01	CVE-2018-17826	Cross-Site Request Forgery (CSRF) vulnerability in Hisiphp 1.0.8 HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add an administrator account. network low complexity hisiphp CWE-352	8.8

Vulnerabilities > Hisiphp {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Hisiphp"}]}