Vulnerabilities > Prophecyinternational > Snare Central > 7.1.3

DATE CVE VULNERABILITY TITLE RISK
2019-08-29 CVE-2019-11364 OS Command Injection vulnerability in Prophecyinternational Snare Central
An OS Command Injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to inject arbitrary OS commands via the ServerConf/DataManagement/DiskManager.php FORMNAS_share parameter.
network
low complexity
prophecyinternational CWE-78
critical
 9.0
9.0
2019-08-29 CVE-2019-11363 SQL Injection vulnerability in Prophecyinternational Snare Central
A SQL injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to execute arbitrary SQL commands via the AgentConsole/UserGroupQuery.php ShowUser parameter.
network
low complexity
prophecyinternational CWE-89
6.5
6.5