Vulnerabilities > Softwarepublico > E SIC

DATE CVE VULNERABILITY TITLE RISK
2017-10-23 CVE-2017-15381 SQL Injection vulnerability in Softwarepublico E-Sic 1.0
SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script).
network
low complexity
softwarepublico CWE-89
critical
 9.8
9.8
2017-10-23 CVE-2017-15380 Cross-site Scripting vulnerability in Softwarepublico E-Sic 1.0
XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester's registration area) via the nome parameter.
network
low complexity
softwarepublico CWE-79
6.1
6.1
2017-10-23 CVE-2017-15379 SQL Injection vulnerability in Softwarepublico E-Sic 1.0
An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password.
network
low complexity
softwarepublico CWE-89
critical
 9.8
9.8
2017-10-23 CVE-2017-15378 SQL Injection vulnerability in Softwarepublico E-Sic 1.0
SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI).
network
low complexity
softwarepublico CWE-89
8.8
8.8
2017-10-16 CVE-2017-15373 SQL Injection vulnerability in Softwarepublico E-Sic 1.0
E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area).
network
low complexity
softwarepublico CWE-89
critical
 9.8
9.8