Softwarepublico » E-sic : Security Vulnerabilities, CVEs,
SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script).
Max CVSS
9.8
EPSS Score
0.28%
Published
2017-10-23
Updated
2017-10-31
XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester's registration area) via the nome parameter.
Max CVSS
6.1
EPSS Score
0.08%
Published
2017-10-23
Updated
2017-10-31
An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password.
Max CVSS
9.8
EPSS Score
1.09%
Published
2017-10-23
Updated
2019-10-03
SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI).
Max CVSS
8.8
EPSS Score
0.13%
Published
2017-10-23
Updated
2017-10-31
E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area).
Max CVSS
9.8
EPSS Score
0.32%
Published
2017-10-16
Updated
2017-10-27
5 vulnerabilities found