Vulnerabilities > Softwarepublico

DATE	CVE	VULNERABILITY TITLE	RISK
2024-02-08	CVE-2024-24350	Unrestricted Upload of File with Dangerous Type vulnerability in Softwarepublico E-Sic Livre File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and before allows a remote attacker to execute arbitrary code via the extension filtering component. network low complexity softwarepublico CWE-434	8.8
2022-07-14	CVE-2022-32409	Path Traversal vulnerability in Softwarepublico I3Geo 7.0.5 A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request. network low complexity softwarepublico CWE-22 critical	9.8
2022-07-14	CVE-2022-34092	Cross-site Scripting vulnerability in Softwarepublico I3Geo 7.0.5 Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via svg2img.php. network low complexity softwarepublico CWE-79	6.1
2022-07-14	CVE-2022-34093	Cross-site Scripting vulnerability in Softwarepublico I3Geo 7.0.5 Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php. network low complexity softwarepublico CWE-79	6.1
2022-07-14	CVE-2022-34094	Cross-site Scripting vulnerability in Softwarepublico I3Geo 7.0.5 Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via request_token.php. network low complexity softwarepublico CWE-79	6.1
2017-10-23	CVE-2017-15381	SQL Injection vulnerability in Softwarepublico E-Sic 1.0 SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script). network low complexity softwarepublico CWE-89 critical	9.8
2017-10-23	CVE-2017-15380	Cross-site Scripting vulnerability in Softwarepublico E-Sic 1.0 XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester's registration area) via the nome parameter. network low complexity softwarepublico CWE-79	6.1
2017-10-23	CVE-2017-15379	SQL Injection vulnerability in Softwarepublico E-Sic 1.0 An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password. network low complexity softwarepublico CWE-89 critical	9.8
2017-10-23	CVE-2017-15378	SQL Injection vulnerability in Softwarepublico E-Sic 1.0 SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI). network low complexity softwarepublico CWE-89	8.8
2017-10-16	CVE-2017-15373	SQL Injection vulnerability in Softwarepublico E-Sic 1.0 E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area). network low complexity softwarepublico CWE-89 critical	9.8

Vulnerabilities > Softwarepublico {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Softwarepublico"}]}

Vulnerabilities > Softwarepublico