CVE-2024-11021 – Grand Vice info Webopac - Stored XSS
https://notcve.org/view.php?id=CVE-2024-11021
Webopac from Grand Vice info has a Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their browser. • https://www.twcert.org.tw/en/cp-139-8220-e75c2-2.html https://www.twcert.org.tw/tw/cp-132-8219-f12d0-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-11018 – Grand Vice info Webopac - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-11018
Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server. • https://www.twcert.org.tw/en/cp-139-8214-64fa2-2.html https://www.twcert.org.tw/tw/cp-132-8213-3413b-1.html • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-11017 – Grand Vice info Webopac - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-11017
Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server. • https://www.twcert.org.tw/en/cp-139-8212-a7d3a-2.html https://www.twcert.org.tw/tw/cp-132-8211-a2da2-1.html • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-11016 – Grand Vice info Webopac - SQL Injection
https://notcve.org/view.php?id=CVE-2024-11016
Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. • https://www.twcert.org.tw/en/cp-139-8210-46322-2.html https://www.twcert.org.tw/tw/cp-132-8209-bf75d-1.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-42839 – Grand Vice info Co. webopac7 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2021-42839
The file upload function of Grand Vice info Co. webopac7 fails to filter special characters. When logged in with general user permissions, remote attackers can upload a malicious script and execute arbitrary code to control the system or interrupt services. • https://www.twcert.org.tw/tw/cp-132-5288-9d546-1.html • CWE-434: Unrestricted Upload of File with Dangerous Type