CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-11020 – Grand Vice info Webopac7 - SQL Injection
https://notcve.org/view.php?id=CVE-2024-11020
Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents. • https://www.twcert.org.tw/en/cp-139-8218-e238b-2.html https://www.twcert.org.tw/tw/cp-132-8217-05b42-1.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-11019 – Grand Vice info Webopac7 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-11019
Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques. • https://www.twcert.org.tw/en/cp-139-8216-f7dbf-2.html https://www.twcert.org.tw/tw/cp-132-8215-98582-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •