6.5CVSS
6.4AI Score
0.001EPSS
9.8CVSS
9.7AI Score
0.003EPSS
6.5CVSS
6.4AI Score
0.014EPSS
SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection.
9.8CVSS
9.7AI Score
0.002EPSS
A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure.
10CVSS
7.4AI Score
0.0004EPSS
Vulnerability in RhinOS 3.0-1190 consisting of an XSS through the "search" parameter of /portal/search.htm. This vulnerability could allow a remote attacker to steal details of a victim's user session by submitting a specially crafted URL.
7.1CVSS
6AI Score
0.0004EPSS
RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in /admin/lib/phpthumb/phpthumb.php. An attacker could create a malicious URL and send it to a victim to obtain their session details.
7.1CVSS
5.9AI Score
0.0004EPSS