White Shark System
Products
2- 9 CVEs
- 0 CVEs
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-20466 | Cri | 0.64 | 9.8 | 0.02 | Jun 21, 2021 | White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php, remote attackers can modify the password of any user. | ||
| CVE-2020-20471 | Hig | 0.57 | 8.8 | 0.02 | Jun 21, 2021 | White Shark System (WSS) 1.3.2 has an unauthorized access vulnerability in default_user_edit.php, remote attackers can exploit this vulnerability to escalate to admin privileges. | ||
| CVE-2020-20474 | Hig | 0.49 | 7.5 | 0.02 | Jun 21, 2021 | White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the default_task_edituser.php files failing to filter the csa_to_user parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information. | ||
| CVE-2020-20473 | Hig | 0.49 | 7.5 | 0.02 | Jun 21, 2021 | White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the control_task.php, control_project.php, default_user.php files failing to filter the sort parameter. Remote attackers can exploit the vulnerability to obtain database sensitive… | ||
| CVE-2020-20469 | Hig | 0.49 | 7.5 | 0.02 | Jun 21, 2021 | White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the log_edit.php files failing to filter the csa_to_user parameter, remote attackers can exploit the vulnerability to obtain database sensitive information. | ||
| CVE-2020-20468 | Med | 0.42 | 6.5 | 0.01 | Jun 21, 2021 | White Shark System (WSS) 1.3.2 is vulnerable to CSRF. Attackers can use the user_edit_password.php file to modify the user password. | ||
| CVE-2020-20467 | Med | 0.42 | 6.5 | 0.01 | Jun 21, 2021 | White Shark System (WSS) 1.3.2 is vulnerable to sensitive information disclosure via default_task_add.php, remote attackers can exploit the vulnerability to create a task. | ||
| CVE-2020-20472 | Med | 0.35 | 5.3 | 0.01 | Jun 21, 2021 | White Shark System (WSS) 1.3.2 has a sensitive information disclosure vulnerability. The if_get_addbook.php file does not have an authentication operation. Remote attackers can obtain username information for all users of the current site. | ||
| CVE-2020-20470 | Med | 0.35 | 5.3 | 0.01 | Jun 21, 2021 | White Shark System (WSS) 1.3.2 has web site physical path leakage vulnerability. |
- risk 0.64cvss 9.8epss 0.02
White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php, remote attackers can modify the password of any user.
- risk 0.57cvss 8.8epss 0.02
White Shark System (WSS) 1.3.2 has an unauthorized access vulnerability in default_user_edit.php, remote attackers can exploit this vulnerability to escalate to admin privileges.
- risk 0.49cvss 7.5epss 0.02
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the default_task_edituser.php files failing to filter the csa_to_user parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information.
- risk 0.49cvss 7.5epss 0.02
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the control_task.php, control_project.php, default_user.php files failing to filter the sort parameter. Remote attackers can exploit the vulnerability to obtain database sensitive…
- risk 0.49cvss 7.5epss 0.02
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the log_edit.php files failing to filter the csa_to_user parameter, remote attackers can exploit the vulnerability to obtain database sensitive information.
- risk 0.42cvss 6.5epss 0.01
White Shark System (WSS) 1.3.2 is vulnerable to CSRF. Attackers can use the user_edit_password.php file to modify the user password.
- risk 0.42cvss 6.5epss 0.01
White Shark System (WSS) 1.3.2 is vulnerable to sensitive information disclosure via default_task_add.php, remote attackers can exploit the vulnerability to create a task.
- risk 0.35cvss 5.3epss 0.01
White Shark System (WSS) 1.3.2 has a sensitive information disclosure vulnerability. The if_get_addbook.php file does not have an authentication operation. Remote attackers can obtain username information for all users of the current site.
- risk 0.35cvss 5.3epss 0.01
White Shark System (WSS) 1.3.2 has web site physical path leakage vulnerability.