Vulnerabilities > Ovidentia
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-17 | CVE-2022-22914 | Path Traversal vulnerability in Ovidentia 6.0.0 An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to to view and download content in the upload directory via path traversal. | 5.0 |
2021-03-30 | CVE-2021-29343 | SQL Injection vulnerability in Ovidentia Ovidentia CMS 6.x contains a SQL injection vulnerability in the "id" parameter of index.php. | 5.5 |
2019-07-19 | CVE-2019-13978 | SQL Injection vulnerability in Ovidentia 8.4.3 Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request. | 6.5 |
2019-07-19 | CVE-2019-13977 | Cross-site Scripting vulnerability in Ovidentia 8.4.3 index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=. | 3.5 |
2018-07-09 | CVE-2018-1000619 | Unrestricted Upload of File with Dangerous Type vulnerability in Ovidentia Ovidentia version 8.4.3 and earlier contains a Unsanitized User Input vulnerability in utilit.php, bab_getAddonFilePathfromTg that can result in Authenticated Remote Code Execution. | 6.5 |
2008-10-03 | CVE-2008-4423 | SQL Injection vulnerability in Ovidentia 6.6.5 SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the item parameter in a contact modify action. | 6.5 |
2008-09-04 | CVE-2008-3918 | SQL Injection vulnerability in Ovidentia 6.6.5 SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the field parameter in a search action. | 7.5 |
2008-09-04 | CVE-2008-3917 | Cross-Site Scripting vulnerability in Ovidentia 6.6.5 Cross-site scripting (XSS) vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter in a search action. | 4.3 |