CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2020-13567
https://notcve.org/view.php?id=CVE-2020-13567
18 Apr 2022 — Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. Se presentan múltiples vulnerabilidades de inyección SQL en phpGACL versión 3.3.7. Una petición HTTP especialmente diseñada puede conllevar a una inyección SQL. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1179 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-13568
https://notcve.org/view.php?id=CVE-2020-13568
13 Apr 2021 — SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/edit_group.php, when the POST parameter action is “Submit”, the POST parameter parent_id leads to a SQL injection. Se presenta una vulnerabilidad de inyección SQL en phpGACL versión 3.3.7. Una petición HTTP especialmente diseñada puede conllevar a una inyección SQL. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1179 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-13566
https://notcve.org/view.php?id=CVE-2020-13566
13 Apr 2021 — SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability In admin/edit_group.php, when the POST parameter action is “Delete”, the POST parameter delete_group leads to a SQL injection. Se presentan vulnerabilidades de inyección SQL en phpGACL versión 3.3.7. Una petición HTTP especialmente diseñada puede conllevar a una inyección SQL. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1179 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 1CVE-2020-13565
https://notcve.org/view.php?id=CVE-2020-13565
10 Feb 2021 — An open redirect vulnerability exists in the return_page redirection functionality of phpGACL 3.3.7, OpenEMR 5.0.2 and OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can redirect users to an arbitrary URL. An attacker can provide a crafted URL to trigger this vulnerability. Se presenta una vulnerabilidad de redireccionamiento abierto en la funcionalidad de redirección return_page de phpGACL versión 3.3.7, OpenEMR versión 5.0.2 y la versi... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1178 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.6EPSS: 1%CPEs: 2EXPL: 1CVE-2020-13564
https://notcve.org/view.php?id=CVE-2020-13564
01 Feb 2021 — A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template acl_id parameter. Se presenta una vulnerabilidad de tipo cross-site scripting en la funcionalidad template de phpGACL versión 3.3.7. Una petición HTTP especialmente diseñada puede conllevar a una ejecución arbitraria de JavaScript. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1177 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 9.6EPSS: 1%CPEs: 2EXPL: 1CVE-2020-13563
https://notcve.org/view.php?id=CVE-2020-13563
01 Feb 2021 — A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template group_id parameter. Se presenta una vulnerabilidad de tipo cross-site scripting en la funcionalidad template de phpGACL versión 3.3.7. Una petición HTTP especialmente diseñada puede conllevar a una ejecución arbitraria de JavaScript. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1177 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 9.6EPSS: 2%CPEs: 2EXPL: 1CVE-2020-13562
https://notcve.org/view.php?id=CVE-2020-13562
01 Feb 2021 — A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnaerability in the phpGACL template action parameter. Se presenta una vulnerabilidad de tipo cross-site scripting en la funcionalidad template de phpGACL versión 3.3.7. Una petición HTTP especialmente diseñada puede conllevar a una ejecución arbitraria de JavaScript. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1177 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •