VYPR
Vendor

Softwarepublico

Products
3
CVEs
6
Across products
6
Status
Private

Products

3

Recent CVEs

6
  • CVE-2017-15381CriOct 23, 2017
    risk 0.64cvss 9.8epss 0.01

    SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script).

  • CVE-2017-15379CriOct 23, 2017
    risk 0.64cvss 9.8epss 0.03

    An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password.

  • CVE-2017-15373CriOct 16, 2017
    risk 0.64cvss 9.8epss 0.02

    E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area).

  • CVE-2017-15378HigOct 23, 2017
    risk 0.57cvss 8.8epss 0.01

    SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI).

  • CVE-2017-15380MedOct 23, 2017
    risk 0.40cvss 6.1epss 0.01

    XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester's registration area) via the nome parameter.

  • CVE-2024-24350Feb 8, 2024
    risk 0.00cvss epss 0.01

    File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and before allows a remote attacker to execute arbitrary code via the extension filtering component.