VYPR
Vendor

Hashtopus Project

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2017-11681HigJul 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an action=createVoucher request to agents.php.

  • CVE-2017-11680HigJul 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowing an admin password change via users.php.

  • CVE-2017-11679HigJul 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action.

  • CVE-2017-11678HigJul 27, 2017
    risk 0.57cvss 8.8epss 0.02

    SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php.

  • CVE-2017-11677MedJul 27, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php.