r3naissance/nse
GitHub
Releases0
Stars2
Nmap scripts
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| 9.8 CRITICAL | 7.5 HIGH | ||
CRK Business Platform <= 2019.1 allows can inject SQL statements against the DB on any path using the 'strSessao' parameter. | |||
| 6.1 MEDIUM | 4.3 MEDIUM | ||
CRK Business Platform <= 2019.1 allows reflected XSS via erro.aspx on 'CRK', 'IDContratante', 'Erro', or 'Mod' parameter. This is path-independent. | |||
| 5.3 MEDIUM | 5 MEDIUM | ||
An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers. | |||