Filtered by vendor Ragic
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9983 | 1 Ragic | 1 Enterprise Cloud Database | 2024-10-16 | 7.5 High |
| Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | ||||
| CVE-2024-9984 | 1 Ragic | 1 Enterprise Cloud Database | 2024-10-16 | 9.8 Critical |
| Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie. | ||||
| CVE-2024-9985 | 1 Ragic | 1 Enterprise Cloud Database | 2024-10-16 | 10 Critical |
| Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server. | ||||
| CVE-2022-40739 | 1 Ragic | 1 Ragic | 2024-09-17 | 5.4 Medium |
| Ragic report generation page has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript to perform XSS (Reflected Cross-Site Scripting) attack. | ||||
| CVE-2023-41343 | 1 Ragic | 1 Enterprise Cloud Database | 2024-09-05 | 5.4 Medium |
| Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack. | ||||
Page 1 of 1.