Vulnerabilities > Ovidentia

DATE CVE VULNERABILITY TITLE RISK
2022-02-17 CVE-2022-22914 Path Traversal vulnerability in Ovidentia 6.0.0
An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to to view and download content in the upload directory via path traversal.
network
low complexity
ovidentia CWE-22
5.0
2021-03-30 CVE-2021-29343 SQL Injection vulnerability in Ovidentia
Ovidentia CMS 6.x contains a SQL injection vulnerability in the "id" parameter of index.php.
network
low complexity
ovidentia CWE-89
5.5
2019-07-19 CVE-2019-13978 SQL Injection vulnerability in Ovidentia 8.4.3
Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request.
network
low complexity
ovidentia CWE-89
6.5
2019-07-19 CVE-2019-13977 Cross-site Scripting vulnerability in Ovidentia 8.4.3
index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=.
network
ovidentia CWE-79
3.5
2018-07-09 CVE-2018-1000619 Unrestricted Upload of File with Dangerous Type vulnerability in Ovidentia
Ovidentia version 8.4.3 and earlier contains a Unsanitized User Input vulnerability in utilit.php, bab_getAddonFilePathfromTg that can result in Authenticated Remote Code Execution.
network
low complexity
ovidentia CWE-434
6.5
2008-10-03 CVE-2008-4423 SQL Injection vulnerability in Ovidentia 6.6.5
SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the item parameter in a contact modify action.
network
low complexity
ovidentia CWE-89
6.5
2008-09-04 CVE-2008-3918 SQL Injection vulnerability in Ovidentia 6.6.5
SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the field parameter in a search action.
network
low complexity
ovidentia CWE-89
7.5
2008-09-04 CVE-2008-3917 Cross-Site Scripting vulnerability in Ovidentia 6.6.5
Cross-site scripting (XSS) vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter in a search action.
network
ovidentia CWE-79
4.3