VYPR

Webiness Inventory

by Webiness

Source repositories

CVEs (2)

  • CVE-2018-18752CriOct 29, 2018
    risk 0.64cvss 9.8epss 0.02

    Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter.

  • CVE-2019-8404MedMay 14, 2019
    risk 0.46cvss 6.5epss 0.08

    An issue was discovered in Webiness Inventory 2.3. The ProductModel component allows Arbitrary File Upload via a crafted product image during the creation of a new product. Consequently, an attacker can steal information from the site with the help of an installed executable…