Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sysax multi server 6.90 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2020-23574
When uploading a file in Sysax Multi Server 6.90, an authenticated user can modify the filename="" parameter in the uploadfile_name1.htm form to a length of 368 or more bytes. This will create a buffer overflow condition, causing the application to crash.
Sysax Multi Server 6.90
5.3
CVSSv3
CVE-2020-13227
An issue exists in Sysax Multi Server 6.90. An attacker can determine the username (under which the web server is running) by triggering an invalid path permission error. This bypasses the fakepath protection mechanism.
Sysax Multi Server 6.90
1 Github repository
6.1
CVSSv3
CVE-2020-13228
An issue exists in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter.
Sysax Multi Server 6.90
1 Github repository
8.8
CVSSv3
CVE-2020-13229
An issue exists in Sysax Multi Server 6.90. A session can be hijacked if one observes the sid value in any /scgi URI, because it is an authentication token.
Sysax Multi Server 6.90
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started