Vulnerabilities > Vice > Webopac > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-11-11 CVE-2024-11020 SQL Injection vulnerability in Vice Webopac 7.1.20160701
Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents.
network
low complexity
vice CWE-89
critical
9.8
2024-11-11 CVE-2024-11018 Unrestricted Upload of File with Dangerous Type vulnerability in Vice Webopac 7.1.20160701
Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server.
network
low complexity
vice CWE-434
critical
9.8
2024-11-11 CVE-2024-11016 SQL Injection vulnerability in Vice Webopac 7.1.20160701
Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents.
network
low complexity
vice CWE-89
critical
9.8