CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3CVE-2020-7991 – Adive Framework 2.0.8 - Cross-Site Request Forgery (Change Admin Password)
https://notcve.org/view.php?id=CVE-2020-7991
Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password. Adive Framework versión 2.0.8, presenta una vulnerabilidad de tipo CSRF de admin/config para cambiar la contraseña de Administrador. Adive Framework version 2.0.8 suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/47966 http://packetstormsecurity.com/files/156106/Adive-Framework-2.0.8-Cross-Site-Request-Forgery.html https://github.com/ferdinandmartin/adive-php7/blob/master/README.md https://www.exploit-db.com/exploits/47946 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0270
https://notcve.org/view.php?id=CVE-2015-0270
Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter. Zend Framework versiones anteriores a 2.2.10 y versiones 2.3.x anteriores a 2.3.5, presenta una Inyección SQL Potencial en el adaptador Zend\Db de PostgreSQL. • https://framework.zend.com/security/advisory/ZF2015-02 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •