MidnightBSD

Advisories for sistemagpweb

CVE-2017-15875 HIGH

SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
sistemagpweb gpweb 8.4.61
CVE-2017-15876 HIGH

Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
sistemagpweb gpweb 8.4.61
CVE-2017-15877 MEDIUM

Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
sistemagpweb gpweb 8.4.61