VYPR

RhinOS

by RhinOS

CVEs (4)

  • CVE-2024-5407CriMay 27, 2024
    risk 0.65cvss 10.0epss 0.01

    A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure.

  • CVE-2024-5409HigMay 27, 2024
    risk 0.46cvss 7.1epss 0.00

    RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in /admin/lib/phpthumb/phpthumb.php. An attacker could create a malicious URL and send it to a victim to obtain their session details.

  • CVE-2024-5408HigMay 27, 2024
    risk 0.46cvss 7.1epss 0.00

    Vulnerability in RhinOS 3.0-1190 consisting of an XSS through the "search" parameter of /portal/search.htm. This vulnerability could allow a remote attacker to steal details of a victim's user session by submitting a specially crafted URL.

  • CVE-2018-18760MedNov 16, 2018
    risk 0.45cvss 6.5epss 0.03

    RhinOS 3.0 build 1190 allows CSRF.