gerico-lab/riello-multiple-vulnerabilities-2025

Releases0

Riello UPS Multiple Vulnerabilities - 2025

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-68914 ↗	Dec 24, 2025Wednesday, 24 December 2025, 20:16	6.5 MEDIUM	—
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table.
CVE-2025-68915 ↗	Dec 24, 2025Wednesday, 24 December 2025, 20:16	5.5 MEDIUM	—
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbanner_w.cgi XSS via a crafted banner.
CVE-2025-68916 ↗	Dec 24, 2025Wednesday, 24 December 2025, 20:16	9.1 CRITICAL	—
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution.