Grand Vice Info Webopac vulnerabilities
4 known vulnerabilities affecting grand_vice_info/webopac.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2024-11018P2CRITICALCVSS 9.8≥ 6, < 6.5.1≥ 7, < 7.2.32024-11-11
CVE-2024-11018 [CRITICAL] CWE-434 CVE-2024-11018: Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticate
Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server.
nvd
CVE-2024-11016P2CRITICALCVSS 9.8≥ 6, < 6.5.1≥ 7, < 7.2.32024-11-11
CVE-2024-11016 [CRITICAL] CWE-89 CVE-2024-11016: Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote atta
Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents.
nvd
CVE-2024-11017P3HIGHCVSS 8.8≥ 6, < 6.5.1≥ 7, < 7.2.32024-11-11
CVE-2024-11017 [HIGH] CWE-434 CVE-2024-11017: Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attacke
Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server.
nvd
CVE-2024-11021P4MEDIUMCVSS 5.4≥ 6, < 6.5.3≥ 7, < 7.2.12024-11-11
CVE-2024-11021 [MEDIUM] CWE-79 CVE-2024-11021: Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with re
Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their browser.
nvd