VYPR

Universibo

by Universibo

CVEs (2)

  • CVE-2022-29603HigApr 25, 2022
    risk 0.00cvss 8.1epss 0.01

    A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints. A remote authenticated attacker could send crafted SQL statements to a vulnerable endpoint (such as /api/students/me/messages/) to, for example,…

  • CVE-2007-5164Oct 1, 2007
    risk 0.00cvss epss 0.01

    PHP remote file inclusion vulnerability in htmls/forum/includes/topic_review.php in UniversiBO 1.3.4 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue is disputed by CVE because the applicable include is in a…