Ultimate Project Manager CRM
1-23 CVEs
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-16702 | | Cri | 0.68 | 9.8 | 0.11 | | Sep 23, 2019 | Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow involving a long NoJs parameter to the /LoginAdmin URI. |
| CVE-2010-5333 | | Cri | 0.68 | 9.8 | 0.16 | | Sep 13, 2019 | The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execution. An SEH-overwrite buffer overflow already existed for the vulnerable… |
| CVE-2020-12843 | | Cri | 0.64 | 9.8 | 0.01 | | Sep 24, 2020 | ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. The magic bytes for WAV must be used. |
| CVE-2020-12842 | | Cri | 0.64 | 9.8 | 0.02 | | Sep 24, 2020 | ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php. |
| CVE-2020-12839 | | Cri | 0.64 | 9.8 | 0.02 | | Sep 24, 2020 | ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php. |
| CVE-2020-12838 | | Cri | 0.64 | 9.8 | 0.02 | | Sep 24, 2020 | ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.php. |
| CVE-2024-4999 | | Cri | 0.61 | — | 0.12 | | May 16, 2024 | A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges. This issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through… |
| CVE-2020-37004 | | Hig | 0.53 | 8.2 | 0.00 | | Jan 29, 2026 | The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tbl_users database table. Attackers can exploit the /frontend/get_article_suggestion/ endpoint by crafting… |
| CVE-2020-13119 | | Hig | 0.53 | 8.1 | 0.01 | | Sep 24, 2020 | ismartgate PRO 1.5.9 is vulnerable to clickjacking. |
| CVE-2020-12837 | | Hig | 0.49 | 7.5 | 0.01 | | Sep 24, 2020 | ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. The magic bytes of PNG must be used. |
| CVE-2018-12250 | | Hig | 0.47 | 7.2 | 0.02 | | Jul 3, 2019 | An issue was discovered in Elite CMS Pro 2.01. In /admin/add_sidebar.php, the ?page= parameter is vulnerable to SQL injection. |
| CVE-2020-12841 | | Med | 0.42 | 6.5 | 0.00 | | Sep 24, 2020 | ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload image files via /index.php |
| CVE-2020-12840 | | Med | 0.42 | 6.5 | 0.00 | | Sep 24, 2020 | ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /index.php |
| CVE-2020-12281 | | Med | 0.42 | 6.5 | 0.00 | | Sep 24, 2020 | iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to create a new user via /index.php. |
| CVE-2024-33752 | | | 0.07 | — | 0.05 | | May 6, 2024 | An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and pro 2.3.2 at admin/views/plugin.php that could be exploited by a remote attacker to submit a special request to upload a malicious file to execute arbitrary code. |
| CVE-2003-1481 | | | 0.03 | — | 0.02 | | Dec 31, 2003 | CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer. |
| CVE-2002-1911 | | | 0.03 | — | 0.03 | | Dec 31, 2002 | ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of SYN packets (SYN flood). NOTE: the vendor was not able to reproduce the issue. |
| CVE-2025-5119 | | | 0.00 | — | 0.00 | | May 23, 2025 | A vulnerability has been found in Emlog Pro 2.5.11 and classified as critical. This vulnerability affects unknown code of the file /include/controller/api_controller.php. The manipulation of the argument tag leads to SQL injection. The attack can be initiated remotely. The… |
| CVE-2025-25827 | | | 0.00 | — | 0.00 | | Feb 26, 2025 | A Server-Side Request Forgery (SSRF) in the component sort.php of Emlog Pro v2.5.4 allows attackers to scan local and internal ports via supplying a crafted URL. |
| CVE-2024-13140 | | | 0.00 | — | 0.00 | | Jan 5, 2025 | A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.3. Affected is an unknown function of the file /admin/article.php?action=upload_cover of the component Cover Upload Handler. The manipulation of the argument image leads to cross site scripting. It… |