VYPR

Mobile One Time Password

by WordPress

CVEs (3)

  • CVE-2024-3123HigJul 1, 2024
    risk 0.47cvss 7.2epss 0.01

    CHANGING Mobile One Time Password's uploading function in a hidden page does not filter file type properly. Remote attackers with administrator privilege can exploit this vulnerability to upload and run malicious file to execute system commands.

  • CVE-2024-3122MedJul 1, 2024
    risk 0.32cvss 4.9epss 0.01

    CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary file on the system.

  • CVE-2021-44161Dec 29, 2021
    risk 0.00cvss epss 0.01

    Changing MOTP (Mobile One Time Password) system’s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without authentication.