Softwarepublico » E-sic : Security Vulnerabilities, CVEs,

CVE-2017-15381

SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script).
Max CVSS
9.8
EPSS Score
0.28%
Published
2017-10-23
Updated
2017-10-31

CVE-2017-15380

XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester's registration area) via the nome parameter.
Max CVSS
6.1
EPSS Score
0.08%
Published
2017-10-23
Updated
2017-10-31

CVE-2017-15379

An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password.
Max CVSS
9.8
EPSS Score
1.09%
Published
2017-10-23
Updated
2019-10-03

CVE-2017-15378

SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI).
Max CVSS
8.8
EPSS Score
0.13%
Published
2017-10-23
Updated
2017-10-31

CVE-2017-15373

E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area).
Max CVSS
9.8
EPSS Score
0.32%
Published
2017-10-16
Updated
2017-10-27
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close