Every CVE whose affected-product data names Softwarepublico E-sic, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2017-15373 — CVSS 9.8 (critical): E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area).
CVE-2017-15379 — CVSS 9.8 (critical): An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password.
CVE-2017-15381 — CVSS 9.8 (critical): SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script).
CVE-2017-15378 — CVSS 8.8 (high): SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI).
CVE-2017-15380 — CVSS 6.1 (medium): XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester's registration area) via the nome parameter.