
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Jun 2024 — A file upload vulnerability in SoftExpert Excellence Suite v.2.1 allows attackers to execute arbitrary code via a .php file upload to the form/efms_exec_html/file_upload_parser.php endpoint. • https://gist.github.com/rodnt/90ac26fdf891e602f6f090d6aebce32d • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Jun 2023 — SoftExpert Excellence Suite 2.1.9 is vulnerable to Cross Site Scripting (XSS) via query screens. • https://medium.com/%40williamamorim256/stored-xss-found-in-se-suite-version-2-1-9-understanding-and-addressing-the-issue-cve-2023-33515-d59990eac324 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 2% • CPEs: 1 • EXPL: 3

03 May 2023 — SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 are vulnerable to Local File Inclusion in the function /se/v42300/generic/gn_defaultframe/2.0/defaultframe_filter.php. SoftExpert Suite version 2.1.3 suffers from a local file inclusion vulnerability. • https://packetstorm.news/files/id/172127 • CWE-426: Untrusted Search Path

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

09 Jul 2018 — A SQL injection vulnerability in the SoftExpert (SE) Excellence Suite 2.0 allows remote authenticated users to perform SQL heuristics by pulling information from the database with the "cddocument" parameter in the "Downloading Electronic Documents" section. • https://www.exploit-db.com/exploits/44981 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')