Vulnerabilities > Softwarepublico > E SIC > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-10-23 CVE-2017-15379 SQL Injection vulnerability in Softwarepublico E-Sic 1.0
An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password.
network
low complexity
softwarepublico CWE-89
critical
 9.8
9.8
2017-10-23 CVE-2017-15381 SQL Injection vulnerability in Softwarepublico E-Sic 1.0
SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script).
network
low complexity
softwarepublico CWE-89
critical
 9.8
9.8
2017-10-16 CVE-2017-15373 SQL Injection vulnerability in Softwarepublico E-Sic 1.0
E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area).
network
low complexity
softwarepublico CWE-89
critical
 9.8
9.8