VYPR

Opensid

by Opensid

Source repositories

CVEs (3)

  • CVE-2018-13038CriJul 1, 2018
    risk 0.64cvss 9.8epss 0.02

    OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with the application/pdf Content-Type.

  • CVE-2018-13040HigJul 1, 2018
    risk 0.57cvss 8.8epss 0.01

    OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account (at the admin level) via the index.php/man_user/insert URI.

  • CVE-2018-13039MedJul 1, 2018
    risk 0.40cvss 6.1epss 0.01

    OpenSID 18.06-pasca has reflected Cross Site Scripting (XSS) via the cari parameter, aka an index.php/first?cari= URI.