Ocomon
Products
1- 9 CVEs
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-41391 | Cri | 0.64 | 9.8 | 0.01 | Oct 13, 2022 | OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php. | ||
| CVE-2022-41390 | Cri | 0.64 | 9.8 | 0.01 | Oct 13, 2022 | OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php. | ||
| CVE-2023-33559 | Hig | 0.57 | 8.8 | 0.01 | Oct 26, 2023 | A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP file. | ||
| CVE-2023-33558 | Hig | 0.49 | 7.5 | 0.01 | Oct 26, 2023 | An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames. | ||
| CVE-2022-40798 | Hig | 0.49 | 7.5 | 0.01 | Oct 19, 2022 | OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a request the user can obtain the real email, sending the same request with correct email its possible to account takeover. | ||
| CVE-2024-7709 | Med | 0.28 | 4.3 | 0.00 | Aug 13, 2024 | A vulnerability, which was classified as problematic, has been found in OcoMon 4.0RC1/4.0/5.0RC1. This issue affects some unknown processing of the file /includes/common/require_access_recovery.php of the component URL Handler. The manipulation leads to cross site scripting. The… | ||
| CVE-2005-4664 | 0.03 | — | 0.01 | Dec 31, 2005 | SQL injection vulnerability in OcoMon 1.21, and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the logon page, a different vulnerability than CVE-2005-4662. | |||
| CVE-2005-4663 | 0.00 | — | 0.01 | Dec 31, 2005 | Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||
| CVE-2005-4662 | 0.00 | — | 0.01 | Dec 31, 2005 | Multiple SQL injection vulnerabilities in OcoMon 1.20, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form, a different vulnerability than CVE-2005-4664. |
- risk 0.64cvss 9.8epss 0.01
OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php.
- risk 0.64cvss 9.8epss 0.01
OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php.
- risk 0.57cvss 8.8epss 0.01
A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP file.
- risk 0.49cvss 7.5epss 0.01
An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames.
- risk 0.49cvss 7.5epss 0.01
OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a request the user can obtain the real email, sending the same request with correct email its possible to account takeover.
- risk 0.28cvss 4.3epss 0.00
A vulnerability, which was classified as problematic, has been found in OcoMon 4.0RC1/4.0/5.0RC1. This issue affects some unknown processing of the file /includes/common/require_access_recovery.php of the component URL Handler. The manipulation leads to cross site scripting. The…
- CVE-2005-4664Dec 31, 2005risk 0.03cvss —epss 0.01
SQL injection vulnerability in OcoMon 1.21, and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the logon page, a different vulnerability than CVE-2005-4662.
- CVE-2005-4663Dec 31, 2005risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
- CVE-2005-4662Dec 31, 2005risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in OcoMon 1.20, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form, a different vulnerability than CVE-2005-4664.