VYPR

RealGimm

by GruppoSCAI

CVEs (6)

  • CVE-2023-41637CriAug 31, 2023
    risk 0.64cvss 9.8epss 0.01

    An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file.

  • CVE-2023-41636CriAug 31, 2023
    risk 0.64cvss 9.8epss 0.01

    A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows attackers to access the database and execute arbitrary commands via a crafted SQL query.

  • CVE-2023-41640HigAug 31, 2023
    risk 0.57cvss 8.8epss 0.01

    An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query.

  • CVE-2023-41638HigAug 31, 2023
    risk 0.57cvss 8.8epss 0.01

    An arbitrary file upload vulnerability in the Gestione Documentale module of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted file.

  • CVE-2023-41635MedAug 31, 2023
    risk 0.42cvss 6.5epss 0.01

    A XML External Entity (XXE) vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI RealGimm v1.1.37p38 allows attackers to read any file in the filesystem via supplying a crafted XML file.

  • CVE-2023-41642MedAug 31, 2023
    risk 0.40cvss 6.1epss 0.01

    Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE…