Nuuo CMS
by Nuuo
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-17888 | 0.06 | — | 0.30 | Oct 12, 2018 | NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution. | |||
| CVE-2022-25521 | 0.00 | — | 0.02 | Mar 29, 2022 | NUUO v03.11.00 was discovered to contain access control issue. | |||
| CVE-2018-17890 | 0.00 | — | 0.03 | Oct 12, 2018 | NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution. | |||
| CVE-2018-17892 | 0.00 | — | 0.03 | Oct 12, 2018 | NUUO CMS all versions 3.1 and prior, The application implements a method of user account control that causes standard account security features to not be utilized as intended, which could allow user account compromise and may allow for remote code execution. | |||
| CVE-2018-17894 | 0.00 | — | 0.02 | Oct 12, 2018 | NUUO CMS all versions 3.1 and prior, The application creates default accounts that have hard-coded passwords, which could allow an attacker to gain privileged access. |
- CVE-2018-17888Oct 12, 2018risk 0.06cvss —epss 0.30
NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution.
- CVE-2022-25521Mar 29, 2022risk 0.00cvss —epss 0.02
NUUO v03.11.00 was discovered to contain access control issue.
- CVE-2018-17890Oct 12, 2018risk 0.00cvss —epss 0.03
NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution.
- CVE-2018-17892Oct 12, 2018risk 0.00cvss —epss 0.03
NUUO CMS all versions 3.1 and prior, The application implements a method of user account control that causes standard account security features to not be utilized as intended, which could allow user account compromise and may allow for remote code execution.
- CVE-2018-17894Oct 12, 2018risk 0.00cvss —epss 0.02
NUUO CMS all versions 3.1 and prior, The application creates default accounts that have hard-coded passwords, which could allow an attacker to gain privileged access.