ECSIMAGING (aka ECS Imaging)
by EVOLUCARE
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-3118 | Cri | 0.64 | 9.8 | 0.02 | Jan 11, 2021 | EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login form and the password-forgotten form (such as /req_password_user.php?email=). This allows an attacker to steal data in the database and obtain access to the application. (The… | ||
| CVE-2021-3029 | Cri | 0.64 | 9.8 | 0.03 | Jan 7, 2021 | EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. The parameter "file" on the webpage /showfile.php can be exploited to gain root access. NOTE: This vulnerability only affects… | ||
| CVE-2023-26913 | Med | 0.40 | 6.1 | 0.00 | Mar 22, 2023 | EVOLUCARE ECSIMAGING (aka ECS Imaging) < 6.21.5 is vulnerable to Cross Site Scripting (XSS) via new_movie. php. |
- risk 0.64cvss 9.8epss 0.02
EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login form and the password-forgotten form (such as /req_password_user.php?email=). This allows an attacker to steal data in the database and obtain access to the application. (The…
- risk 0.64cvss 9.8epss 0.03
EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. The parameter "file" on the webpage /showfile.php can be exploited to gain root access. NOTE: This vulnerability only affects…
- risk 0.40cvss 6.1epss 0.00
EVOLUCARE ECSIMAGING (aka ECS Imaging) < 6.21.5 is vulnerable to Cross Site Scripting (XSS) via new_movie. php.