Vulnerabilities > IT Novum > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-25 | CVE-2023-36663 | SQL Injection vulnerability in It-Novum Openitcockpit 4.6.4 it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the sort parameter of the API interface. | 8.8 |
| 2020-03-20 | CVE-2020-10792 | Incorrect Default Permissions vulnerability in It-Novum Openitcockpit openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header. | 7.5 |
| 2019-08-23 | CVE-2019-15493 | Unspecified vulnerability in It-Novum Openitcockpit openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21. | 7.5 |
| 2019-08-23 | CVE-2019-15491 | Cross-Site Request Forgery (CSRF) vulnerability in It-Novum Openitcockpit openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21. | 8.8 |