Ferat Aydin

Researcher fromSEC4YOU
#5883of 53,635
45.9Total CVSS
Vulnerabilities · 6
Medium
2
High
2
Critical
2
PT-2025-32305
5.3
2025-08-07
Sage · Sage Dpw · CVE-2025-51533
**Name of the Vulnerable Software and Affected Versions** Sage DPW versions 2024 12 004 and below Sage DPW version 2024.12.003 **Description** An Insecure Direct Object Reference (IDOR) exists in Sage DPW, allowing unauthorized attackers to access internal forms by sending a crafted GET request. **Recommendations** Update Sage DPW to a version later than 2024 12 004. Update Sage DPW to a version later than 2024.12.003.
PT-2025-32185
7.5
2025-08-06
Sage · Sage Dpw · CVE-2025-51532
**Name of the Vulnerable Software and Affected Versions** Sage DPW versions prior to 2024 12 004 **Description** Incorrect access control in Sage DPW allows unauthorized attackers to access the built-in Database Monitor via a crafted request. **Recommendations** Update to version 2024 12 004 or later.
PT-2025-32192
6.1
2025-08-06
Sage Dpw · Sage Dpw · CVE-2025-51531
**Name of the Vulnerable Software and Affected Versions** Sage DPW versions 2024.12.003 **Description** A reflected cross-site scripting (XSS) vulnerability exists in Sage DPW version 2024.12.003. This allows attackers to execute arbitrary JavaScript in the context of a victim’s browser by injecting a crafted payload into the `tabfields` parameter at the `/dpw/scripts/cgiip.exe/WService` API endpoint. **Recommendations** Upgrade to version 2024 12 004.
PT-2025-31819
9.8
2025-08-04
Openatlas · Openatlas · CVE-2025-51536
**Name of the Vulnerable Software and Affected Versions** OpenAtlas version 8.11.0 **Description** OpenAtlas v8.11.0 contains a hardcoded Administrator password. **Recommendations** Change the hardcoded Administrator password.
PT-2025-31830
8.1
2025-08-04
Austrian Archaeological Institute · Openatlas · CVE-2025-51534
**Name of the Vulnerable Software and Affected Versions** Austrian Archaeological Institute (AI) OpenAtlas version 8.11.0 **Description** OpenAtlas contains a cross-site scripting (XSS) issue. Attackers can inject a crafted payload into the `Name` field, enabling the execution of arbitrary web scripts or HTML. **Recommendations** Update to a newer version of OpenAtlas that addresses this issue. As a temporary workaround, sanitize all user inputs to the `Name` field to prevent the injection of malicious scripts.
PT-2025-31831
9.1
2025-08-04
Openatlas · Openatlas · CVE-2025-51535
**Name of the Vulnerable Software and Affected Versions** OpenAtlas version 8.11.0 **Description** OpenAtlas contains a SQL injection vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.