Vulnerabilities > Zucchetti > High

DATE CVE VULNERABILITY TITLE RISK
2021-10-14 CVE-2021-42369 SQL Injection vulnerability in Zucchetti Imagicle UC Suite
Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection.
network
low complexity
zucchetti CWE-89
8.8
8.8
2019-10-30 CVE-2019-18206 Cross-Site Request Forgery (CSRF) vulnerability in Zucchetti Infobusiness 4.4.1
A cross-site request forgery (CSRF) vulnerability in Zucchetti InfoBusiness before and including 4.4.1 allows arbitrary file upload.
network
low complexity
zucchetti CWE-352
8.8
8.8
2019-10-30 CVE-2019-18204 Unrestricted Upload of File with Dangerous Type vulnerability in Zucchetti Infobusiness 4.4.1
Zucchetti InfoBusiness before and including 4.4.1 allows any authenticated user to upload .php files in order to achieve code execution.
network
low complexity
zucchetti CWE-434
8.8
8.8
2019-06-19 CVE-2019-10257 Path Traversal vulnerability in Zucchetti HR Portal 20190315
Zucchetti HR Portal through 2019-03-15 allows Directory Traversal.
network
low complexity
zucchetti CWE-22
7.5
7.5