cbcvebase.

Grand Vice Info Webopac vulnerabilities

4 known vulnerabilities affecting grand_vice_info/webopac.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2024-11018P2CRITICALCVSS 9.8≥ 6, < 6.5.1≥ 7, < 7.2.32024-11-11
CVE-2024-11018 [CRITICAL] CWE-434 CVE-2024-11018: Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticate Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server.
nvd
CVE-2024-11016P2CRITICALCVSS 9.8≥ 6, < 6.5.1≥ 7, < 7.2.32024-11-11
CVE-2024-11016 [CRITICAL] CWE-89 CVE-2024-11016: Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote atta Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents.
nvd
CVE-2024-11017P3HIGHCVSS 8.8≥ 6, < 6.5.1≥ 7, < 7.2.32024-11-11
CVE-2024-11017 [HIGH] CWE-434 CVE-2024-11017: Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attacke Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server.
nvd
CVE-2024-11021P4MEDIUMCVSS 5.4≥ 6, < 6.5.3≥ 7, < 7.2.12024-11-11
CVE-2024-11021 [MEDIUM] CWE-79 CVE-2024-11021: Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with re Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their browser.
nvd
Grand Vice Info Webopac vulnerabilities | cvebase