Bruno De Barros Bulle

#9037of 53,633
30.2Total CVSS
Vulnerabilities · 4
Medium
2
Critical
2
PT-2020-13252
5.3
2020-05-09
Gnuteca · Gnuteca · CVE-2020-12764
**Name of the Vulnerable Software and Affected Versions** Gnuteca version 3.8 **Description** The issue allows Directory Traversal via the "file.php?folder=/&file=" endpoint. This could potentially allow access to sensitive files on the system. **Recommendations** For Gnuteca version 3.8, as a temporary workaround, consider restricting access to the "file.php" endpoint until a patch is available. Avoid using the `folder` and `file` parameters in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2020-13253
5.3
2020-05-09
Solis · Solis Miolo · CVE-2020-12765
**Name of the Vulnerable Software and Affected Versions** Solis Miolo version 2.0 **Description** The issue allows for Directory Traversal via the "index.php?module=install&action=view&item=" endpoint. This could potentially allow an attacker to access sensitive files on the system. **Recommendations** For Solis Miolo version 2.0, restrict access to the "index.php?module=install&action=view&item=" endpoint to minimize the risk of exploitation. Avoid using the `item` variable in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2020-13254
9.8
2020-05-09
Gnuteca · Gnuteca · CVE-2020-12766
**Name of the Vulnerable Software and Affected Versions** Gnuteca version 3.8 **Description** The issue allows SQL Injection via the `exemplaryStatusId` parameter in the "action=main:search:simpleSearch" endpoint. **Recommendations** For Gnuteca version 3.8, avoid using the `exemplaryStatusId` parameter in the "action=main:search:simpleSearch" endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2019-15940
9.8
2019-12-12
Octeth · Octeth Oempro · CVE-2019-19740
**Name of the Vulnerable Software and Affected Versions** Octeth Oempro versions 4.7 through 4.8 **Description** The issue allows SQL injection. The parameter `CampaignID` in the `Campaign.Get` endpoint is vulnerable. **Recommendations** For versions 4.7 and 4.8, avoid using the `CampaignID` parameter in the `Campaign.Get` endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the `Campaign.Get` endpoint to minimize the risk of exploitation.