Vulnerabilities (CVE)

Filtered by vendor Softwarepublico Subscribe

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 4 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-32409	1 Softwarepublico	1 I3geo	2023-08-08	N/A	9.8 CRITICAL
A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request.
CVE-2017-15379	1 Softwarepublico	1 E-sic	2019-10-03	7.5 HIGH	9.8 CRITICAL
An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password.
CVE-2017-15381	1 Softwarepublico	1 E-sic	2017-10-31	7.5 HIGH	9.8 CRITICAL
SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script).
CVE-2017-15373	1 Softwarepublico	1 E-sic	2017-10-27	7.5 HIGH	9.8 CRITICAL
E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area).