Vulnerabilities > Vfairs

DATE	CVE	VULNERABILITY TITLE	RISK
2021-05-26	CVE-2020-26677	SQL Injection vulnerability in Vfairs 3.3 Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API. network low complexity vfairs CWE-89	8.8
2021-05-26	CVE-2020-26678	Unrestricted Upload of File with Dangerous Type vulnerability in Vfairs 3.3 vFairs 3.3 is affected by Remote Code Execution. network low complexity vfairs CWE-434	8.8
2021-05-26	CVE-2020-26679	Authorization Bypass Through User-Controlled Key vulnerability in Vfairs 3.3 vFairs 3.3 is affected by Insecure Permissions. network low complexity vfairs CWE-639	4.3
2021-05-26	CVE-2020-26680	Cross-site Scripting vulnerability in Vfairs 3.3 In vFairs 3.3, any user logged in to a vFairs virtual conference or event can modify any other users profile information to include a cross-site scripting payload. network low complexity vfairs CWE-79	5.4

Vulnerabilities > Vfairs {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Vfairs"}]}