DataCube3
by F-logic
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-25830 | Cri | 0.69 | 9.8 | 0.24 | Feb 29, 2024 | F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the… | ||
| CVE-2024-34854 | Cri | 0.65 | 9.8 | 0.13 | May 28, 2024 | F-logic DataCube3 v1.0 is vulnerable to File Upload via `/admin/transceiver_schedule.php.` | ||
| CVE-2024-31750 | Cri | 0.65 | 9.8 | 0.19 | Apr 19, 2024 | SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter. | ||
| CVE-2024-25833 | Cri | 0.64 | 9.8 | 0.03 | Feb 29, 2024 | F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in database. | ||
| CVE-2024-25832 | Hig | 0.61 | 8.8 | 0.13 | Feb 29, 2024 | F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension. | ||
| CVE-2024-7066 | Hig | 0.48 | 7.3 | 0.03 | Jul 24, 2024 | A vulnerability was found in F-logic DataCube3 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/config_time_sync.php of the component HTTP POST Request Handler. The manipulation of the argument ntp_server leads… | ||
| CVE-2024-34852 | Med | 0.41 | 6.3 | 0.02 | May 28, 2024 | F-logic DataCube3 v1.0 is affected by command injection due to improper string filtering at the command execution point in the ./admin/transceiver_schedule.php file. An unauthenticated remote attacker can exploit this vulnerability by sending a file name containing command… | ||
| CVE-2024-25831 | Med | 0.35 | 5.4 | 0.01 | Feb 29, 2024 | F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting (XSS) vulnerability due to improper input sanitization. An authenticated, remote attacker can execute arbitrary JavaScript code in the web management interface. | ||
| CVE-2023-5329 | Med | 0.28 | 4.3 | 0.01 | Oct 2, 2023 | A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001. This vulnerability affects unknown code of the file /api/ of the component Web API. The manipulation leads to improper authentication. The exploit has been disclosed to the public and… |
- risk 0.69cvss 9.8epss 0.24
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the…
- risk 0.65cvss 9.8epss 0.13
F-logic DataCube3 v1.0 is vulnerable to File Upload via `/admin/transceiver_schedule.php.`
- risk 0.65cvss 9.8epss 0.19
SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter.
- risk 0.64cvss 9.8epss 0.03
F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in database.
- risk 0.61cvss 8.8epss 0.13
F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension.
- risk 0.48cvss 7.3epss 0.03
A vulnerability was found in F-logic DataCube3 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/config_time_sync.php of the component HTTP POST Request Handler. The manipulation of the argument ntp_server leads…
- risk 0.41cvss 6.3epss 0.02
F-logic DataCube3 v1.0 is affected by command injection due to improper string filtering at the command execution point in the ./admin/transceiver_schedule.php file. An unauthenticated remote attacker can exploit this vulnerability by sending a file name containing command…
- risk 0.35cvss 5.4epss 0.01
F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting (XSS) vulnerability due to improper input sanitization. An authenticated, remote attacker can execute arbitrary JavaScript code in the web management interface.
- risk 0.28cvss 4.3epss 0.01
A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001. This vulnerability affects unknown code of the file /api/ of the component Web API. The manipulation leads to improper authentication. The exploit has been disclosed to the public and…