Paolo Geodirectory vulnerabilities
6 known vulnerabilities affecting paolo/geodirectory.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2026-54831P2CRITICALCVSS 9.3≥ n/a, ≤ 2.8.1622026-06-26
CVE-2026-54831 [CRITICAL] CWE-89 CVE-2026-54831: Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions.
Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions.
nvd
CVE-2026-39512P2CRITICALCVSS 9.3≥ n/a, ≤ 2.8.1522026-06-15
CVE-2026-39512 [CRITICAL] CWE-89 CVE-2026-39512: Unauthenticated SQL Injection in GeoDirectory <= 2.8.152 versions.
Unauthenticated SQL Injection in GeoDirectory <= 2.8.152 versions.
nvd
CVE-2026-42671P3MEDIUMCVSS 6.5≥ n/a, ≤ 2.8.1572026-06-01
CVE-2026-42671 [MEDIUM] CWE-862 CVE-2026-42671: Missing Authorization vulnerability in Paolo GeoDirectory allows Exploiting Incorrectly Configured A
Missing Authorization vulnerability in Paolo GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects GeoDirectory: from n/a through 2.8.157.
nvd
CVE-2024-56259P4MEDIUMCVSS 5.4≤ 2.3.842025-01-02
CVE-2024-56259 [MEDIUM] CWE-79 CVE-2024-56259: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paolo GeoDirectory geodirectory allows Stored XSS.This issue affects GeoDirectory: from n/a through <= 2.3.84.
nvd
CVE-2024-50437P4MEDIUMCVSS 5.4≤ 2.3.802024-10-28
CVE-2024-50437 [MEDIUM] CWE-79 CVE-2024-50437: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paolo GeoDirectory geodirectory allows Stored XSS.This issue affects GeoDirectory: from n/a through <= 2.3.80.
nvd
CVE-2026-24549P4MEDIUMCVSS 4.3≤ 2.8.1492026-01-23
CVE-2026-24549 [MEDIUM] CWE-352 CVE-2026-24549: Cross-Site Request Forgery (CSRF) vulnerability in Paolo GeoDirectory geodirectory allows Cross Site
Cross-Site Request Forgery (CSRF) vulnerability in Paolo GeoDirectory geodirectory allows Cross Site Request Forgery.This issue affects GeoDirectory: from n/a through <= 2.8.149.
nvd