Centova Technologies Inc Centova Cast vulnerabilities
2 known vulnerabilities affecting centova_technologies_inc/centova_cast.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2019-25351P2HIGHCVSS 8.8v3.2.112026-02-18
CVE-2019-25351 [HIGH] CWE-862 CVE-2019-25351: Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to re
Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. Attackers can exploit the vulnerability by supplying crafted parameters to download sensitive files like /etc/passwd using curl and wget requests.
nvd
CVE-2019-25342P3HIGHCVSS 7.5v3.2.122026-02-12
CVE-2019-25342 [HIGH] CWE-770 CVE-2019-25342: Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm th
Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters.
nvd