Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

webiness_inventory

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

2
Related CVEsRelated VendorsRelated AssignersReports
2Vulnerabilities found
CVE-2019-8404
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-19.07% / 95.11%
||
7 Day CHG~0.00%
Published-14 May, 2019 | 15:29
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Webiness Inventory 2.3. The ProductModel component allows Arbitrary File Upload via a crafted product image during the creation of a new product. Consequently, an attacker can steal information from the site with the help of an installed executable file, or change the contents of pages.

Action-Not Available
Vendor-webiness_inventory_projectn/a
Product-webiness_inventoryn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2018-18752
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.41% / 60.64%
||
7 Day CHG~0.00%
Published-28 Oct, 2018 | 17:00
Updated-16 Sep, 2024 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter.

Action-Not Available
Vendor-webiness_projectn/a
Product-webiness_inventoryn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type