本ページは softwarepublico e-sic に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2017-15381 | SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script). | [email protected] | 9.8 | 0.24% | 2017-10-23 | 2026-05-13 |
| CVE-2017-15380 | XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester's registration area) via the nome parameter. | [email protected] | 6.1 | 0.23% | 2017-10-23 | 2026-05-13 |
| CVE-2017-15379 | An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password. | [email protected] | 9.8 | 2.80% | 2017-10-23 | 2026-05-13 |
| CVE-2017-15378 | SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI). | [email protected] | 8.8 | 0.30% | 2017-10-23 | 2026-05-13 |
| CVE-2017-15373 | E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area). | [email protected] | 9.8 | 0.60% | 2017-10-16 | 2026-05-13 |