VYPR

Ocomon

by Ocomon

CVEs (9)

  • CVE-2022-41391CriOct 13, 2022
    risk 0.64cvss 9.8epss 0.01

    OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php.

  • CVE-2022-41390CriOct 13, 2022
    risk 0.64cvss 9.8epss 0.01

    OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php.

  • CVE-2023-33559HigOct 26, 2023
    risk 0.57cvss 8.8epss 0.01

    A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP file.

  • CVE-2023-33558HigOct 26, 2023
    risk 0.49cvss 7.5epss 0.01

    An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames.

  • CVE-2022-40798HigOct 19, 2022
    risk 0.49cvss 7.5epss 0.01

    OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a request the user can obtain the real email, sending the same request with correct email its possible to account takeover.

  • CVE-2024-7709MedAug 13, 2024
    risk 0.28cvss 4.3epss 0.00

    A vulnerability, which was classified as problematic, has been found in OcoMon 4.0RC1/4.0/5.0RC1. This issue affects some unknown processing of the file /includes/common/require_access_recovery.php of the component URL Handler. The manipulation leads to cross site scripting. The…

  • CVE-2005-4664Dec 31, 2005
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in OcoMon 1.21, and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the logon page, a different vulnerability than CVE-2005-4662.

  • CVE-2005-4662Dec 31, 2005
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in OcoMon 1.20, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form, a different vulnerability than CVE-2005-4664.

  • CVE-2005-4663Dec 31, 2005
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.