VYPR

indexhibit

by Indexhibit

CVEs (8)

  • CVE-2019-16314CriSep 14, 2019
    risk 0.67cvss 9.8epss 0.39

    Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2.

  • CVE-2020-18121HigAug 30, 2021
    risk 0.57cvss 8.8epss 0.01

    A configuration issue in Indexhibit 2.1.5 allows authenticated attackers to modify .php files, leading to getshell.

  • CVE-2019-8954HigFeb 20, 2019
    risk 0.57cvss 8.8epss 0.03

    In Indexhibit 2.1.5, remote attackers can execute arbitrary code via the v parameter (in conjunction with the id parameter) in a upd_jxcode=true action to the ndxzstudio/?a=system URI.

  • CVE-2020-18127MedAug 30, 2021
    risk 0.42cvss 6.5epss 0.01

    An issue in the /config/config.php component of Indexhibit 2.1.5 allows attackers to arbitrarily view files.

  • CVE-2020-18123MedAug 30, 2021
    risk 0.42cvss 6.5epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily delete admin accounts.

  • CVE-2020-18125MedAug 30, 2021
    risk 0.40cvss 6.1epss 0.01

    A reflected cross-site scripting (XSS) vulnerability in the /plugin/ajax.php component of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML.

  • CVE-2020-18124MedAug 30, 2021
    risk 0.37cvss 5.7epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords.

  • CVE-2020-18126MedAug 30, 2021
    risk 0.35cvss 5.4epss 0.01

    Multiple stored cross-site scripting (XSS) vulnerabilities in the Sections module of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML.