Every CVE whose affected-product data names Sitos Sitos Six, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2019-15746 — CVSS 9.8 (critical): SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and…
CVE-2019-15748 — CVSS 9.8 (critical): SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. An…
CVE-2019-15751 — CVSS 9.8 (critical): An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM…
CVE-2019-15747 — CVSS 8.8 (high): SITOS six Build v6.2.1 allows a user with the user role of Seminar Coordinator to escalate their permission to the Systemadministrator role…
CVE-2019-15749 — CVSS 6.5 (medium): SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with…
CVE-2019-15750 — CVSS 6.1 (medium): A Cross-Site Scripting (XSS) vulnerability in the blog function in SITOS six Build v6.2.1 allows remote attackers to inject arbitrary web…