Vulnerabilities > Verydows
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-12 | CVE-2023-51949 | Cross-Site Request Forgery (CSRF) vulnerability in Verydows 2.0 Verydows v2.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /protected/controller/backend/role_controller | 8.8 |
| 2023-05-09 | CVE-2020-23363 | Cross-Site Request Forgery (CSRF) vulnerability in Verydows Cross Site Request Forgery (CSRF) vulnerability found in Verytops Verydows all versions that allows an attacker to execute arbitrary code via a crafted script. | 8.8 |
| 2022-04-26 | CVE-2022-28058 | Path Traversal vulnerability in Verydows 2.0 Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\file_controller.php. | 8.1 |
| 2022-04-26 | CVE-2022-28059 | Path Traversal vulnerability in Verydows 2.0 Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\database_controller.php. | 8.1 |
| 2019-02-16 | CVE-2019-8363 | Cross-site Scripting vulnerability in Verydows 2.0 Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=index[XSS] value. | 6.1 |
| 2019-02-12 | CVE-2019-7753 | Cross-site Scripting vulnerability in Verydows 2.0 Verydows 2.0 has XSS via the index.php?m=api&c=stats&a=count referrer parameter. | 6.1 |
| 2019-02-11 | CVE-2019-7737 | Cross-Site Request Forgery (CSRF) vulnerability in Verydows 2.0 A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit. | 8.8 |