Vulnerabilities > Mitel > St14 2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-14 | CVE-2018-5782 | Code Injection vulnerability in Mitel Connect Onsite and St14.2 A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. | 9.8 |
| 2018-03-14 | CVE-2018-5781 | Code Injection vulnerability in Mitel Connect Onsite and St14.2 A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. | 9.8 |
| 2018-03-14 | CVE-2018-5780 | Code Injection vulnerability in Mitel Connect Onsite and St14.2 A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. | 9.8 |
| 2018-03-14 | CVE-2018-5779 | Code Injection vulnerability in Mitel Connect Onsite and St14.2 A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using specially crafted requests. | 9.8 |
| 2018-03-13 | CVE-2017-16251 | Unrestricted Upload of File with Dangerous Type vulnerability in Mitel St14.2 Ga28 A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. | 8.8 |
| 2018-03-13 | CVE-2017-16250 | Information Exposure vulnerability in Mitel St14.2 Ga28 A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allow an attacker to use the API function to enumerate through user-ids which could be used to identify valid user ids and associated user names. | 5.3 |