VYPR

E-Sic

by E Sic

CVEs (5)

  • CVE-2017-15381 | Critical | Oct 23, 2017
    risk 0.64 | cvss 9.8 | epss 0.01

    SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script).

  • CVE-2017-15379 | Critical | Oct 23, 2017
    risk 0.64 | cvss 9.8 | epss 0.03

    An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password.

  • CVE-2017-15373 | Critical | Oct 16, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area).

  • CVE-2017-15378 | High | Oct 23, 2017
    risk 0.57 | cvss 8.8 | epss 0.01

    SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI).

  • CVE-2017-15380 | Medium | Oct 23, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester's registration area) via the nome parameter.