Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sitos sitos six 6.2.1 vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2019-15751
An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote malicious users to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenticated malicious user to upload a malicious file (containing PHP code to exe...
Sitos Sitos Six 6.2.1
10
CVSSv2
CVE-2019-15746
SITOS six Build v6.2.1 allows an malicious user to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user.
Sitos Sitos Six 6.2.1
7.5
CVSSv2
CVE-2019-15748
SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. An unauthenticated attacker could use the upload and import functionality to import a malicious SCORM package that includes a PHP file, which could ...
Sitos Sitos Six 6.2.1
6.5
CVSSv2
CVE-2019-15747
SITOS six Build v6.2.1 allows a user with the user role of Seminar Coordinator to escalate their permission to the Systemadministrator role due to insufficient checks on the server side.
Sitos Sitos Six 6.2.1
4.3
CVSSv2
CVE-2019-15749
SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access to the victim's account (e.g., via XSS or an unattended workstation) to cha...
Sitos Sitos Six 6.2.1
4.3
CVSSv2
CVE-2019-15750
A Cross-Site Scripting (XSS) vulnerability in the blog function in SITOS six Build v6.2.1 allows remote malicious users to inject arbitrary web script or HTML via the id parameter.
Sitos Sitos Six 6.2.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started