Integria
by Artica
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-19829 | 0.03 | — | 0.02 | Dec 18, 2018 | Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known. | |||
| CVE-2018-19828 | 0.03 | — | 0.02 | Dec 17, 2018 | Artica Integria IMS 5.0.83 has XSS via the search_string parameter. | |||
| CVE-2021-3834 | 0.00 | — | 0.01 | Oct 7, 2021 | Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS). | |||
| CVE-2021-3833 | 0.00 | — | 0.01 | Oct 7, 2021 | Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with… | |||
| CVE-2021-3832 | 0.00 | — | 0.02 | Oct 7, 2021 | Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability. | |||
| CVE-2019-15091 | 0.00 | — | 0.02 | Aug 16, 2019 | filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload. | |||
| CVE-2018-1000812 | 0.00 | — | 0.02 | Dec 20, 2018 | Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user… |
- CVE-2018-19829Dec 18, 2018risk 0.03cvss —epss 0.02
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.
- CVE-2018-19828Dec 17, 2018risk 0.03cvss —epss 0.02
Artica Integria IMS 5.0.83 has XSS via the search_string parameter.
- CVE-2021-3834Oct 7, 2021risk 0.00cvss —epss 0.01
Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS).
- CVE-2021-3833Oct 7, 2021risk 0.00cvss —epss 0.01
Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with…
- CVE-2021-3832Oct 7, 2021risk 0.00cvss —epss 0.02
Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability.
- CVE-2019-15091Aug 16, 2019risk 0.00cvss —epss 0.02
filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload.
- CVE-2018-1000812Dec 20, 2018risk 0.00cvss —epss 0.02
Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user…