4 results (0.002 seconds)

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their browser. • https://www.twcert.org.tw/en/cp-139-8220-e75c2-2.html https://www.twcert.org.tw/tw/cp-132-8219-f12d0-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server. • https://www.twcert.org.tw/en/cp-139-8214-64fa2-2.html https://www.twcert.org.tw/tw/cp-132-8213-3413b-1.html • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server. • https://www.twcert.org.tw/en/cp-139-8212-a7d3a-2.html https://www.twcert.org.tw/tw/cp-132-8211-a2da2-1.html • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents. • https://www.twcert.org.tw/en/cp-139-8210-46322-2.html https://www.twcert.org.tw/tw/cp-132-8209-bf75d-1.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •