CVE-2019-14987
https://notcve.org/view.php?id=CVE-2019-14987
Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions. Adive Framework hasta la versión 2.0.7 se ve afectado por XSS en las funciones Create New Table y Create New Navigation Link • https://www.sevenlayers.com/index.php/231-adive-framework-2-0-7-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-14347 – Adive Framework 2.0.7 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-14347
Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script. El archivo Internal/Views/addUsers.php en Adive de Schben versión 2.0.7, permite a los usuarios remotos no privilegiados (editor o desarrollador) crear una cuenta de administrador por medio de admin/user/add, como es demostrado mediante un script PoC de Python. Adive Framework version 2.0.7 suffers from a privilege escalation vulnerability. • https://www.exploit-db.com/exploits/47600 http://packetstormsecurity.com/files/155213/Adive-Framework-2.0.7-Privilege-Escalation.html https://github.com/ferdinandmartin/adive-php https://hackpuntes.com/cve-2019-14347-escalacion-de-privilegios-en-adive • CWE-425: Direct Request ('Forced Browsing') •
CVE-2019-14346 – Adive Framework 2.0.7 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-14346
Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password. El archivo Internal/Views/config.php en Adive de Schben versión 2.0.7, permite que un ataque de tipo CSRF de admin/config cambie una contraseña de usuario. Adive Framework version 2.0.7 suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/47217 http://packetstormsecurity.com/files/153989/Adive-Framework-2.0.7-Cross-Site-Request-Forgery.html https://hackpuntes.com/cve-2019-14346-adive-framework-2-0-7-cross-site-request-forgery https://www.adive.es • CWE-352: Cross-Site Request Forgery (CSRF) •