This page lists publicly disclosed CVE vulnerabilities affecting softwarepublico e-sic (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2017-15381 | SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script). | [email protected] | 9.8 | 0.24% | 2017-10-23 | 2026-05-13 |
| CVE-2017-15380 | XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester's registration area) via the nome parameter. | [email protected] | 6.1 | 0.23% | 2017-10-23 | 2026-05-13 |
| CVE-2017-15379 | An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password. | [email protected] | 9.8 | 2.80% | 2017-10-23 | 2026-05-13 |
| CVE-2017-15378 | SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI). | [email protected] | 8.8 | 0.30% | 2017-10-23 | 2026-05-13 |
| CVE-2017-15373 | E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area). | [email protected] | 9.8 | 0.60% | 2017-10-16 | 2026-05-13 |