Weather
by Instaguide
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-5674 | 0.03 | — | 0.02 | Oct 24, 2007 | Directory traversal vulnerability in index.php in InstaGuide Weather (aka Weather for PHP) 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PageName parameter. | |||
| CVE-2023-30715 | 0.00 | — | 0.00 | Sep 6, 2023 | Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission. | |||
| CVE-2022-28780 | 0.00 | — | 0.00 | May 3, 2022 | Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information. | |||
| CVE-2022-25815 | 0.00 | — | 0.00 | Mar 8, 2022 | PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. |
- CVE-2007-5674Oct 24, 2007risk 0.03cvss —epss 0.02
Directory traversal vulnerability in index.php in InstaGuide Weather (aka Weather for PHP) 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PageName parameter.
- CVE-2023-30715Sep 6, 2023risk 0.00cvss —epss 0.00
Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission.
- CVE-2022-28780May 3, 2022risk 0.00cvss —epss 0.00
Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information.
- CVE-2022-25815Mar 8, 2022risk 0.00cvss —epss 0.00
PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.