cbcvebase.

F-Logic Datacube3 vulnerabilities

4 known vulnerabilities affecting f-logic/datacube3.

Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2024-25832P2HIGHCVSS 8.8PoCv1.02024-02-29
CVE-2024-25832 [HIGH] CWE-434 CVE-2024-25832: F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension.
nvd
CVE-2024-7066P2CRITICALCVSS 9.8v1.02024-07-24
CVE-2024-7066 [CRITICAL] CWE-78 CVE-2024-7066: A vulnerability was found in F-logic DataCube3 1.0. It has been declared as critical. Affected by th A vulnerability was found in F-logic DataCube3 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/config_time_sync.php of the component HTTP POST Request Handler. The manipulation of the argument ntp_server leads to os command injection. The attack can be launched remotely. The exploit
nvd
CVE-2024-25833P2CRITICALCVSS 9.8v1.02024-02-29
CVE-2024-25833 [CRITICAL] CWE-89 CVE-2024-25833: F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthen F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in database.
nvd
CVE-2024-25831P4MEDIUMCVSS 5.4v1.02024-02-29
CVE-2024-25831 [MEDIUM] CWE-79 CVE-2024-25831: F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting (XSS) vulnerability du F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting (XSS) vulnerability due to improper input sanitization. An authenticated, remote attacker can execute arbitrary JavaScript code in the web management interface.
nvd
F-Logic Datacube3 vulnerabilities | cvebase