VYPR
Vendor

F-logic

Products
1
CVEs
9
Across products
9
Status
Private

Products

1

Recent CVEs

9
  • CVE-2024-25830CriFeb 29, 2024
    risk 0.69cvss 9.8epss 0.24

    F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the…

  • CVE-2024-34854CriMay 28, 2024
    risk 0.65cvss 9.8epss 0.13

    F-logic DataCube3 v1.0 is vulnerable to File Upload via `/admin/transceiver_schedule.php.`

  • CVE-2024-31750CriApr 19, 2024
    risk 0.65cvss 9.8epss 0.19

    SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter.

  • CVE-2024-25833CriFeb 29, 2024
    risk 0.64cvss 9.8epss 0.03

    F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in database.

  • CVE-2024-25832HigFeb 29, 2024
    risk 0.61cvss 8.8epss 0.13

    F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension.

  • CVE-2024-7066HigJul 24, 2024
    risk 0.48cvss 7.3epss 0.03

    A vulnerability was found in F-logic DataCube3 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/config_time_sync.php of the component HTTP POST Request Handler. The manipulation of the argument ntp_server leads…

  • CVE-2024-34852MedMay 28, 2024
    risk 0.41cvss 6.3epss 0.02

    F-logic DataCube3 v1.0 is affected by command injection due to improper string filtering at the command execution point in the ./admin/transceiver_schedule.php file. An unauthenticated remote attacker can exploit this vulnerability by sending a file name containing command…

  • CVE-2024-25831MedFeb 29, 2024
    risk 0.35cvss 5.4epss 0.01

    F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting (XSS) vulnerability due to improper input sanitization. An authenticated, remote attacker can execute arbitrary JavaScript code in the web management interface.

  • CVE-2023-5329MedOct 2, 2023
    risk 0.28cvss 4.3epss 0.01

    A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001. This vulnerability affects unknown code of the file /api/ of the component Web API. The manipulation leads to improper authentication. The exploit has been disclosed to the public and…