Travianz Project Travianz — known CVE vulnerabilities
Every CVE whose affected-product data names Travianz Project Travianz, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2023-36993 — CVSS 9.8 (critical): The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an…
CVE-2023-36994 — CVSS 9.8 (critical): In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration…
CVE-2023-36992 — CVSS 7.2 (high): PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code.
CVE-2023-36995 — CVSS 6.1 (medium): TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, or the COOKUSR…