Filtered by vendor Precurio
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-32989 | 1 Precurio | 1 Precurio Intranet Portal | 2026-03-24 | 8.8 High |
| Precurio Intranet Portal 4.4 contains a cross-site request forgery vulnerability that allows attackers to induce authenticated users to submit crafted requests to a profile update endpoint handling file uploads. Attackers can exploit this to upload executable files to web-accessible locations, leading to arbitrary code execution in the context of the web server. | ||||
| CVE-2018-25168 | 1 Precurio | 2 Precurio, Precurio Intranet Portal | 2026-03-09 | 4.3 Medium |
| Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. Attackers can forge requests to the /public/admin/user/submitnew endpoint with user creation parameters to add new admin accounts without requiring CSRF tokens or user interaction. | ||||
| CVE-2016-10759 | 1 Precurio | 1 Precurio | 2024-11-21 | N/A |
| The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resultant arbitrary code execution, via ExtendedFileManager/Classes/ExtendedFileManager.php because ExtendedFileManager can be used to rename the .htaccess file that blocks .php uploads. | ||||
Page 1 of 1.