Supremainc Biostar 2 vulnerabilities
8 known vulnerabilities affecting supremainc/biostar_2.
Total CVEs: 8
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: HIGH 7, MEDIUM 1
Vulnerabilities
CVE-2020-15050 | P2 | HIGH | CVSS 7.5 | CWE-22 | PoC | fixed in 2.8.2 | 2020-07-13
An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal.
nvd
CVE-2023-27167 | P3 | MEDIUM | CVSS 6.5 | CWE-89 | PoC | ≤ 2.8.16 | 2023-03-29
Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1.
nvd
CVE-2023-33364 | P2 | HIGH | CVSS 8.8 | CWE-78 | fixed in 2.9.1 | 2023-08-03
An OS Command injection vulnerability exists in Suprema BioStar 2 before V2.9.1, which allows authenticated users to execute arbitrary OS commands on the BioStar 2 server.
nvd
CVE-2023-31923 | P3 | HIGH | CVSS 8.8 | CWE-281 | fixed in 2.9.1 | 2023-05-22
Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web application allows an authenticated attacker with "User Operator" privileges to create a highly privileged user account. The vulnerability is caused by missing server-side validation, which can be exploited to gain full administrator privileges on the system.
nvd
CVE-2023-33366 | P3 | HIGH | CVSS 8.8 | CWE-89 | fixed in 2.9.1 | 2023-08-03
A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows authenticated users to inject arbitrary SQL directives into an SQL statement and execute arbitrary SQL commands.
nvd
CVE-2023-33363 | P3 | HIGH | CVSS 7.5 | CWE-287 | fixed in 2.9.1 | 2023-08-03
An authentication bypass vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated users to access some functionality on BioStar 2 servers.
nvd
CVE-2023-33365 | P3 | HIGH | CVSS 7.5 | CWE-22 | fixed in 2.9.1 | 2023-08-03
A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server's web server.
nvd
CVE-2022-38351 | P3 | HIGH | CVSS 8.8 | CWE-269 | v2.8.16 | 2022-09-19
A vulnerability in Suprema BioStar (aka Bio Star) 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile page.
nvd