VYPR

Verydows

by Verydows

CVEs (6)

  • CVE-2023-51949HigJan 12, 2024
    risk 0.57cvss 8.8epss 0.00

    Verydows v2.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /protected/controller/backend/role_controller

  • CVE-2019-7737HigFeb 11, 2019
    risk 0.57cvss 8.8epss 0.01

    A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit.

  • CVE-2022-28059HigApr 26, 2022
    risk 0.53cvss 8.1epss 0.01

    Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\database_controller.php.

  • CVE-2022-28058HigApr 26, 2022
    risk 0.53cvss 8.1epss 0.01

    Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\file_controller.php.

  • CVE-2019-8363MedFeb 16, 2019
    risk 0.40cvss 6.1epss 0.01

    Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=index[XSS] value.

  • CVE-2019-7753MedFeb 12, 2019
    risk 0.40cvss 6.1epss 0.01

    Verydows 2.0 has XSS via the index.php?m=api&c=stats&a=count referrer parameter.