Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3833 | 1 Artica | 1 Integria Ims | 2022-10-27 | 7.5 HIGH | 9.8 CRITICAL |
| Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords. | |||||
| CVE-2021-3832 | 1 Artica | 1 Integria Ims | 2021-10-14 | 7.5 HIGH | 9.8 CRITICAL |
| Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability. | |||||
| CVE-2021-3834 | 1 Artica | 1 Integria Ims | 2021-10-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS). | |||||
| CVE-2019-15091 | 1 Artica | 1 Integria Ims | 2019-08-27 | 7.5 HIGH | 9.8 CRITICAL |
| filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload. | |||||
| CVE-2018-1000812 | 1 Artica | 1 Integria Ims | 2019-08-15 | 4.3 MEDIUM | 8.1 HIGH |
| Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user accounts can be taken over. This attack appear to be exploitable via Network access to IntegriaIMS web interface . This vulnerability appears to have been fixed in fixed in versions released after commit f2ff0ba821644acecb893483c86a9c4d3bb75047. | |||||
| CVE-2018-19829 | 1 Artica | 1 Integria Ims | 2019-01-30 | 5.8 MEDIUM | 6.5 MEDIUM |
| Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known. | |||||
| CVE-2018-19828 | 1 Artica | 1 Integria Ims | 2019-01-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Artica Integria IMS 5.0.83 has XSS via the search_string parameter. | |||||