Vulnerabilities > Travianz Project

DATE CVE VULNERABILITY TITLE RISK
2023-07-07 CVE-2023-36992 Code Injection vulnerability in Travianz Project Travianz 8.3.3/8.3.4
PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code.
network
low complexity
travianz-project CWE-94
7.2
2023-07-07 CVE-2023-36993 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Travianz Project Travianz 8.3.3/8.3.4
The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the password reset.parameters and to take over accounts.
network
low complexity
travianz-project CWE-338
critical
9.8
2023-07-07 CVE-2023-36994 Incorrect Authorization vulnerability in Travianz Project Travianz 8.3.3/8.3.4
In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code.
network
low complexity
travianz-project CWE-863
critical
9.8
2023-07-06 CVE-2023-36995 Cross-site Scripting vulnerability in Travianz Project Travianz 8.3.3/8.3.4
TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, or the COOKUSR cookie.
network
low complexity
travianz-project CWE-79
6.1