Vulnerabilities > Softwarepublico > E SIC > 1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-23 | CVE-2017-15381 | SQL Injection vulnerability in Softwarepublico E-Sic 1.0 SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script). | 7.5 |
| 2017-10-23 | CVE-2017-15380 | Cross-site Scripting vulnerability in Softwarepublico E-Sic 1.0 XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester's registration area) via the nome parameter. | 6.1 |
| 2017-10-23 | CVE-2017-15379 | SQL Injection vulnerability in Softwarepublico E-Sic 1.0 An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password. | 9.8 |
| 2017-10-23 | CVE-2017-15378 | SQL Injection vulnerability in Softwarepublico E-Sic 1.0 SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI). | 8.8 |
| 2017-10-16 | CVE-2017-15373 | SQL Injection vulnerability in Softwarepublico E-Sic 1.0 E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area). | 7.5 |