Iagona Scrutisweb vulnerabilities
4 known vulnerabilities affecting iagona/scrutisweb.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2023-35189P2CRITICALCVSS 9.8≤ 2.1.372023-07-18
CVE-2023-35189 [CRITICAL] CWE-434 CVE-2023-35189: Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote code execution vulnerability
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote
code execution vulnerability that could allow an unauthenticated user to
upload a malicious payload and execute it.
nvd
CVE-2023-33871P3HIGHCVSS 7.5≤ 2.1.372023-07-18
CVE-2023-33871 [HIGH] CVE-2023-33871: Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a directory traversal vulnerability th
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a directory traversal vulnerability that could allow an unauthenticated user to directly access any file outside the webroot.
nvd
CVE-2023-38257P3HIGHCVSS 7.5≤ 2.1.372023-07-18
CVE-2023-38257 [HIGH] CVE-2023-38257: Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vu
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords.
nvd
CVE-2023-35763P4MEDIUMCVSS 5.5≤ 2.1.372023-07-18
CVE-2023-35763 [MEDIUM] CWE-798 CVE-2023-35763: Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that cou
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext.
nvd