Vulnerabilities > Isweb

DATE	CVE	VULNERABILITY TITLE	RISK
2018-09-28	CVE-2018-14957	Path Traversal vulnerability in Isweb 3.5.3 CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggetto_documenti/../.././inc/config.php (one can take the control of the application because credentials are present in that config.php file). network low complexity isweb CWE-22 critical	9.8
2018-09-28	CVE-2018-14956	SQL Injection vulnerability in Isweb 3.5.3 CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. network low complexity isweb CWE-89 critical	9.8
2018-08-29	CVE-2018-15562	Cross-site Scripting vulnerability in Isweb 3.5.3 CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or oggettiRicerca parameter to index.php. network low complexity isweb CWE-79	6.1

Vulnerabilities > Isweb {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Isweb"}]}