CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-7990
https://notcve.org/view.php?id=CVE-2020-7990
Adive Framework 2.0.8 has admin/user/add userName XSS. Adive Framework versión 2.0.8, presenta una vulnerabilidad de tipo XSS del userName de admin/user/add. • https://github.com/ferdinandmartin/adive-php7/blob/master/README.md https://www.exploit-db.com/exploits/47946 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3CVE-2020-7991 – Adive Framework 2.0.8 - Cross-Site Request Forgery (Change Admin Password)
https://notcve.org/view.php?id=CVE-2020-7991
Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password. Adive Framework versión 2.0.8, presenta una vulnerabilidad de tipo CSRF de admin/config para cambiar la contraseña de Administrador. Adive Framework version 2.0.8 suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/47966 http://packetstormsecurity.com/files/156106/Adive-Framework-2.0.8-Cross-Site-Request-Forgery.html https://github.com/ferdinandmartin/adive-php7/blob/master/README.md https://www.exploit-db.com/exploits/47946 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0270
https://notcve.org/view.php?id=CVE-2015-0270
Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter. Zend Framework versiones anteriores a 2.2.10 y versiones 2.3.x anteriores a 2.3.5, presenta una Inyección SQL Potencial en el adaptador Zend\Db de PostgreSQL. • https://framework.zend.com/security/advisory/ZF2015-02 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14987
https://notcve.org/view.php?id=CVE-2019-14987
Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions. Adive Framework hasta la versión 2.0.7 se ve afectado por XSS en las funciones Create New Table y Create New Navigation Link • https://www.sevenlayers.com/index.php/231-adive-framework-2-0-7-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-6330
https://notcve.org/view.php?id=CVE-2018-6330
Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters. Laravel, en su versión 5.4.15, es vulnerable a inyección SQL basada en errores en save.php mediante los parámetros dhx_user y dhx_version. • http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •