iSmartgate
Products
1- 11 CVEs
Recent CVEs
11| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-12843 | Cri | 0.64 | 9.8 | 0.01 | Sep 24, 2020 | ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. The magic bytes for WAV must be used. | ||
| CVE-2020-12842 | Cri | 0.64 | 9.8 | 0.02 | Sep 24, 2020 | ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php. | ||
| CVE-2020-12839 | Cri | 0.64 | 9.8 | 0.02 | Sep 24, 2020 | ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php. | ||
| CVE-2020-12838 | Cri | 0.64 | 9.8 | 0.02 | Sep 24, 2020 | ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.php. | ||
| CVE-2020-12282 | Hig | 0.57 | 8.8 | 0.01 | Sep 24, 2020 | iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. (This can be combined with reflected XSS.) | ||
| CVE-2020-13119 | Hig | 0.53 | 8.1 | 0.01 | Sep 24, 2020 | ismartgate PRO 1.5.9 is vulnerable to clickjacking. | ||
| CVE-2020-12837 | Hig | 0.49 | 7.5 | 0.01 | Sep 24, 2020 | ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. The magic bytes of PNG must be used. | ||
| CVE-2020-12841 | Med | 0.42 | 6.5 | 0.00 | Sep 24, 2020 | ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload imae files via /index.php | ||
| CVE-2020-12840 | Med | 0.42 | 6.5 | 0.00 | Sep 24, 2020 | ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /index.php | ||
| CVE-2020-12281 | Med | 0.42 | 6.5 | 0.00 | Sep 24, 2020 | iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to create a new user via /index.php. | ||
| CVE-2020-12280 | Med | 0.42 | 6.5 | 0.00 | Sep 24, 2020 | iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to open/close a specified garage door/gate via /isg/opendoor.php. |
- risk 0.64cvss 9.8epss 0.01
ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. The magic bytes for WAV must be used.
- risk 0.64cvss 9.8epss 0.02
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php.
- risk 0.64cvss 9.8epss 0.02
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php.
- risk 0.64cvss 9.8epss 0.02
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.php.
- risk 0.57cvss 8.8epss 0.01
iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. (This can be combined with reflected XSS.)
- risk 0.53cvss 8.1epss 0.01
ismartgate PRO 1.5.9 is vulnerable to clickjacking.
- risk 0.49cvss 7.5epss 0.01
ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. The magic bytes of PNG must be used.
- risk 0.42cvss 6.5epss 0.00
ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload imae files via /index.php
- risk 0.42cvss 6.5epss 0.00
ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /index.php
- risk 0.42cvss 6.5epss 0.00
iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to create a new user via /index.php.
- risk 0.42cvss 6.5epss 0.00
iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to open/close a specified garage door/gate via /isg/opendoor.php.