Hashtopus
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11681 |  | Hig | 0.57 | 8.8 | 0.01 |  | Jul 27, 2017 | Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an action=createVoucher request to agents.php. |
| CVE-2017-11680 |  | Hig | 0.57 | 8.8 | 0.01 |  | Jul 27, 2017 | Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowing an admin password change via users.php. |
| CVE-2017-11679 |  | Hig | 0.57 | 8.8 | 0.01 |  | Jul 27, 2017 | Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action. |
| CVE-2017-11678 |  | Hig | 0.57 | 8.8 | 0.02 |  | Jul 27, 2017 | SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php. |
| CVE-2017-11677 |  | Med | 0.40 | 6.1 | 0.01 |  | Jul 27, 2017 | Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php. |