CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

An information disclosure vulnerability in the component users-grid-data.php of OcoMon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames. • https://github.com/ninj4c0d3r/OcoMon-Research • https://github.com/ninj4c0d3r/OcoMon-Research/commit/6357def478b11119270b89329fceb115f12c69fc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP file. • https://github.com/ninj4c0d3r/OcoMon-Research • https://github.com/ninj4c0d3r/OcoMon-Research/commit/7459ff397f48b5356930c16c522331e39158461dv • CWE-829: Inclusion of Functionality from Untrusted Control Sphere

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 1

OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a request, the user can obtain the real email; by sending the same request with the correct email, account takeover is possible. • https://gist.github.com/ninj4c0d3r/89bdd6702bf00d768302f5e0e5bb8adc • https://ocomonphp.sourceforge.io

CVSS: 4.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://secunia.com/advisories/17470 • http://sourceforge.net/project/showfiles.php?group_id=45554 • http://sourceforge.net/project/shownotes.php?release_id=369163

CVSS: 5.0 • EPSS: 0% • CPEs: 6 • EXPL: 0

Multiple SQL injection vulnerabilities in OcoMon 1.20, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form, a different vulnerability than CVE-2005-4664. • http://secunia.com/advisories/17470 • http://sourceforge.net/project/showfiles.php?group_id=45554 • http://sourceforge.net/project/shownotes.php?release_id=369163 • http://www.osvdb.org/20751 • http://www.securityfocus.com/bid/15386 • https://exchange.xforce.ibmcloud.com/vulnerabilities/23085