Nag0Mez

#8105of 53,633
33.9Total CVSS
Vulnerabilities · 4
Medium
1
High
1
Critical
2
PT-2026-5279
8.2
2026-01-29
Codexcube · Ultimate Project Manager Crm Pro · CVE-2020-37004
**Name of the Vulnerable Software and Affected Versions** Ultimate Project Manager CRM PRO version 2.0.5 **Description** A blind SQL injection allows attackers to extract usernames and password hashes from the `tbl users` database table. This is achieved by crafting malicious search parameters at the '/frontend/get article suggestion/' endpoint to retrieve user credentials using boolean-based inference techniques, where the attacker determines data by observing whether the application returns a true or false response. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2021-22037
9.8
2021-10-07
Unknown · Integria Ims · CVE-2021-3832
Name of the Vulnerable Software and Affected Versions: Integria IMS version 5.0.92 Description: The issue allows for a Remote Code Execution attack through file uploading. An unauthenticated attacker could exploit this by abusing the `AsyncUpload()` function. Recommendations: For Integria IMS version 5.0.92, consider disabling the `AsyncUpload()` function as a temporary workaround until a patch is available. Restrict access to file uploading features to minimize the risk of exploitation.
PT-2021-22048
9.8
2021-10-07
Unknown · Integria Ims · CVE-2021-3833
Name of the Vulnerable Software and Affected Versions: Integria IMS (affected versions not specified) Description: The login check in Integria IMS uses a loose comparator to compare the MD5 hash of the user-provided password and the MD5 hash stored in the database. This allows an attacker with a specifically formatted password to exploit the issue and log in to the system with different passwords. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2021-22059
6.1
2021-10-07
Unknown · Integria Ims · CVE-2021-3834
**Name of the Vulnerable Software and Affected Versions** Integria IMS version 5.0.92 **Description** The issue is related to incorrect filtering of certain fields in the login.php file, which could allow an attacker to perform a cross-site scripting attack (XSS). **Recommendations** For Integria IMS version 5.0.92, update to a version that correctly filters fields related to the login.php file to prevent cross-site scripting attacks.