VYPR

Ovidentia

by Ovidentia

CVEs (9)

  • CVE-2019-13978 | High | Jul 19, 2019
    risk 0.57 | cvss 8.8 | epss 0.01

    Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request.

  • CVE-2018-1000619 | High | Jul 9, 2018
    risk 0.57 | cvss 8.8 | epss 0.02

    Ovidentia version 8.4.3 and earlier contains an unsanitized user input vulnerability in utilit.php, bab_getAddonFilePathfromTg, that can result in authenticated remote code execution. Exploitation appears to require that the attacker have permission to upload addons.

  • CVE-2022-22914 | High | Feb 17, 2022
    risk 0.49 | cvss 7.5 | epss 0.01

    An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to view and download content in the upload directory via path traversal.

  • CVE-2019-13977 | Medium | Jul 19, 2019
    risk 0.38 | cvss 5.4 | epss 0.02

    index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=.

  • CVE-2006-2811 | Jun 5, 2006
    risk 0.04 | cvss | epss 0.17

    Multiple PHP remote file inclusion vulnerabilities in Cantico Ovidentia 5.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the babInstallPath parameter in (1) index.php, (2) topman.php, (3) approb.php, (4) vacadmb.php, (5) vacadma.php, (6) vacadm.php, (7)…

  • CVE-2008-4423 | Oct 3, 2008
    risk 0.03 | cvss | epss 0.01

    SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the item parameter in a contact modify action.

  • CVE-2008-3918 | Sep 4, 2008
    risk 0.03 | cvss | epss 0.01

    SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the field parameter in a search action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2008-3917 | Sep 4, 2008
    risk 0.03 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter in a search action.

  • CVE-2005-1964 | Jun 9, 2005
    risk 0.00 | cvss | epss 0.01

    PHP remote file inclusion vulnerability in utilit.php for Ovidentia Portal allows remote attackers to execute arbitrary PHP code via the babInstallPath parameter.