Published: 06/12/2019 Updated: 24/08/2020

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

SiteVision 4 has Incorrect Access Control.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sitevision sitevision

SiteVision suffers from an issue where attacker may inject non-authorized module when editing pages using a lower privileged account, which can lead to cross site scripting and remote code execution All versions of SiteVision 4 until 456 and all versions of SiteVision 5 until 511 are vulnerable ...

SiteVision suffers from an issue where attackers may execute arbitrary code as root on the target server after gaining access to a low-privilege account All versions of SiteVision 4 until 456 and all versions of SiteVision 5 until 511 are vulnerable ...

Full Disclosure mailing list archives   By Date By Thread </form>    SiteVision Remote Code Execution   From: Oscar Hjelm <OscarHj ...

Full Disclosure mailing list archives   By Date By Thread </form>    SiteVision Insufficient Module Access Control   From: Oscar Hjelm ...

CWE-862 https://www.cybercom.com/contentassets/ac929be030744b8e92dc6e457fdb7dcc/sitevision-disclosure-insufficient-access-control.pdf https://www.cybercom.com/About-Cybercom/Blogs/Security-Advisories/high-risk-vulnerabilities-in-cms-product/http://seclists.org/fulldisclosure/2019/Dec/12 http://seclists.org/fulldisclosure/2019/Dec/13 http://packetstormsecurity.com/files/155584/SiteVision-4.x-5.x-Insufficient-Module-Access-Control.html https://www.sitevision.se/https://nvd.nist.gov https://packetstormsecurity.com/files/155584/SiteVision-4.x-5.x-Insufficient-Module-Access-Control.html

CVE-2019-12734

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect