VYPR

Ussd Gateway

by Opencode

CVEs (6)

  • CVE-2025-70614HigMar 5, 2026
    risk 0.53cvss 8.1epss 0.00

    OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier…

  • CVE-2025-65235Nov 26, 2025
    risk 0.00cvss epss 0.00

    OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function.

  • CVE-2025-65237Nov 26, 2025
    risk 0.00cvss epss 0.00

    A reflected cross-site scripted (XSS) vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload.

  • CVE-2025-65238Nov 26, 2025
    risk 0.00cvss epss 0.00

    Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and access sensitive information.

  • CVE-2025-65239Nov 26, 2025
    risk 0.00cvss epss 0.00

    Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs.

  • CVE-2025-65236Nov 26, 2025
    risk 0.00cvss epss 0.00

    OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint.