Every CVE whose affected-product data names Vice Webopac, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2024-11020 — CVSS 9.8 (critical): Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to…
CVE-2024-11016 — CVSS 9.8 (critical): Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to…
CVE-2024-11018 — CVSS 9.8 (critical): Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and…
CVE-2021-42839 — CVSS 8.8 (high): Grand Vice info Co. webopac7 file upload function fails to filter special characters. While logging in with general user’s permission…
CVE-2024-11017 — CVSS 8.8 (high): Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload…
CVE-2021-42838 — CVSS 6.1 (medium): Grand Vice info Co. webopac7 book search field parameter does not properly restrict the input of special characters, thus unauthenticated…
CVE-2024-11019 — CVSS 6.1 (medium): Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute…
CVE-2024-11021 — CVSS 5.4 (medium): Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary…