Unilogies Bumsys vulnerabilities
9 known vulnerabilities affecting unilogies/unilogies_bumsys.
Total CVEs
9
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH5MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2023-0455P2HIGHCVSS 8.8PoC≥ unspecified, < v1.0.3-beta2023-01-26
CVE-2023-0455 [HIGH] CWE-434 CVE-2023-0455: Unrestricted Upload of File with Dangerous Type in GitHub repository unilogies/bumsys prior to v1.0.
Unrestricted Upload of File with Dangerous Type in GitHub repository unilogies/bumsys prior to v1.0.3-beta.
nvd
CVE-2023-2554P3HIGHCVSS 7.2≥ unspecified, < 2.2.02023-05-05
CVE-2023-2554 [HIGH] CWE-73 CVE-2023-2554: External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0.
External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0.
nvd
CVE-2023-1362P4MEDIUMCVSS 6.1PoC≥ unspecified, < v2.0.22023-03-13
CVE-2023-1362 [MEDIUM] CWE-1021 CVE-2023-1362: Improper Restriction of Rendered UI Layers or Frames in GitHub repository unilogies/bumsys prior to
Improper Restriction of Rendered UI Layers or Frames in GitHub repository unilogies/bumsys prior to v2.0.2.
nvd
CVE-2023-2551P3HIGHCVSS 8.8≥ unspecified, < 2.1.12023-05-05
CVE-2023-2551 [HIGH] CWE-98 CVE-2023-2551: PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1.
PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1.
nvd
CVE-2023-2832P3HIGHCVSS 7.2≥ unspecified, < 2.2.02023-05-22
CVE-2023-2832 [HIGH] CWE-89 CVE-2023-2832: SQL Injection in GitHub repository unilogies/bumsys prior to 2.2.0.
SQL Injection in GitHub repository unilogies/bumsys prior to 2.2.0.
nvd
CVE-2023-1361P3MEDIUMCVSS 6.5≥ unspecified, < v2.0.22023-03-13
CVE-2023-1361 [MEDIUM] CWE-89 CVE-2023-1361: SQL Injection in GitHub repository unilogies/bumsys prior to v2.0.2.
SQL Injection in GitHub repository unilogies/bumsys prior to v2.0.2.
nvd
CVE-2023-2552P3HIGHCVSS 8.8≥ unspecified, < 2.1.12023-05-05
CVE-2023-2552 [HIGH] CWE-352 CVE-2023-2552: Cross-Site Request Forgery (CSRF) in GitHub repository unilogies/bumsys prior to 2.1.1.
Cross-Site Request Forgery (CSRF) in GitHub repository unilogies/bumsys prior to 2.1.1.
nvd
CVE-2023-0995P4MEDIUMCVSS 5.4≥ unspecified, < v2.0.12023-02-24
CVE-2023-0995 [MEDIUM] CWE-79 CVE-2023-0995: Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to v2.0.1.
Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to v2.0.1.
nvd
CVE-2023-2553P4MEDIUMCVSS 5.4≥ unspecified, < 2.2.02023-05-05
CVE-2023-2553 [MEDIUM] CWE-79 CVE-2023-2553: Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to 2.2.0.
Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to 2.2.0.
nvd