Computrols CBAS 18.0.0 allows unauthenticated reflected cross-site scripting (XSS) in the login page and the password reset page via the username GET parameter.
CVSS 6.1, AI Score 6.3, EPSS 0.004
CVSS 8.8, AI Score 8.6, EPSS 0.004
CVSS 5.3, AI Score 5.2, EPSS 0.022
Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure.
CVSS 7.5, AI Score 7.4, EPSS 0.035
CVSS 9.8, AI Score 9.4, EPSS 0.002
CVSS 6.5, AI Score 6.5, EPSS 0.001
Computrols CBAS 18.0.0 allows authenticated blind SQL injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring.
CVSS 8.8, AI Score 9.1, EPSS 0.002
CVSS 8.1, AI Score 8.4, EPSS 0.002
CVSS 8.8, AI Score 8.7, EPSS 0.002
Computrols CBAS 18.0.0 mishandles password hashes. Passwords are hashed with MD5 using a pw prefix: for example, if the password is admin, the application calculates the MD5 hash of pwadmin and stores it in a MySQL database.
CVSS 7.5, AI Score 7.5, EPSS 0.001