Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in ping tool of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause run arbitrary code. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| cve@profelis.com.tr | 3.8 | LOW | CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L | 0.3 | 3.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-77,CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| profelis | sambabox | * |
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause execute arbitrary codes on the vulnerable server. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H | 2.3 | 6.0 |
| cve@profelis.com.tr | 3.8 | LOW | CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L | 0.3 | 3.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-80,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| profelis | sambabox | * |
Missing Authentication for Critical Function vulnerability in Profelis Informatics and Consulting PassBox allows Authentication Abuse.This issue affects PassBox: before v1.2.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| profelis | passbox | * |