Vulnerabilities > Vembu > Offsite DR
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-08 | CVE-2021-26471 | Unspecified vulnerability in Vembu BDR Suite and Offsite DR In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebservice_o.php accepts a command argument. | 7.5 |
| 2021-06-08 | CVE-2021-26472 | OS Command Injection vulnerability in Vembu BDR Suite and Offsite DR In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. | 10.0 |
| 2021-06-08 | CVE-2021-26473 | Unrestricted Upload of File with Dangerous Type vulnerability in Vembu BDR Suite and Offsite DR In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. | 7.5 |
| 2021-06-08 | CVE-2021-26474 | Cross-Site Request Forgery (CSRF) vulnerability in Vembu BDR Suite and Offsite DR Various Vembu products allow an attacker to execute a (non-blind) http-only Cross Site Request Forgery (Other products or versions of products in this family may be affected too.) | 6.8 |