Vendor

Riello

Products

CVEs

Across products

Status

Private

Products

CVE	CVSS	EPSS	Published	Description
CVE-2025-68916	—	0.01	Dec 24, 2025	Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution.
CVE-2025-68915	—	0.00	Dec 24, 2025	Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbanner_w.cgi XSS via a crafted banner.
CVE-2025-68914	—	0.00	Dec 24, 2025	Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table.

CVE-2025-68916Dec 24, 2025
risk 0.00cvss —epss 0.01
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution.
CVE-2025-68915Dec 24, 2025
risk 0.00cvss —epss 0.00
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbanner_w.cgi XSS via a crafted banner.
CVE-2025-68914Dec 24, 2025
risk 0.00cvss —epss 0.00
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table.