VYPR
Vendor

iSmartgate

Products
1
CVEs
11
Across products
11
Status
Private

Products

1

Recent CVEs

11
  • CVE-2020-12843CriSep 24, 2020
    risk 0.64cvss 9.8epss 0.01

    ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. The magic bytes for WAV must be used.

  • CVE-2020-12842CriSep 24, 2020
    risk 0.64cvss 9.8epss 0.02

    ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php.

  • CVE-2020-12839CriSep 24, 2020
    risk 0.64cvss 9.8epss 0.02

    ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php.

  • CVE-2020-12838CriSep 24, 2020
    risk 0.64cvss 9.8epss 0.02

    ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.php.

  • CVE-2020-12282HigSep 24, 2020
    risk 0.57cvss 8.8epss 0.01

    iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. (This can be combined with reflected XSS.)

  • CVE-2020-13119HigSep 24, 2020
    risk 0.53cvss 8.1epss 0.01

    ismartgate PRO 1.5.9 is vulnerable to clickjacking.

  • CVE-2020-12837HigSep 24, 2020
    risk 0.49cvss 7.5epss 0.01

    ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. The magic bytes of PNG must be used.

  • CVE-2020-12841MedSep 24, 2020
    risk 0.42cvss 6.5epss 0.00

    ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload imae files via /index.php

  • CVE-2020-12840MedSep 24, 2020
    risk 0.42cvss 6.5epss 0.00

    ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /index.php

  • CVE-2020-12281MedSep 24, 2020
    risk 0.42cvss 6.5epss 0.00

    iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to create a new user via /index.php.

  • CVE-2020-12280MedSep 24, 2020
    risk 0.42cvss 6.5epss 0.00

    iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to open/close a specified garage door/gate via /isg/opendoor.php.