Aggregates CVE and security vulnerability intelligence across all infinite_automation_systems-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues involve various input-handling and memory-safety problems that may affect software stability and security.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2015-7904 | Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file. | [email protected] | 6.5 | 6.49% | 2015-10-28 | 2026-05-06 |
| CVE-2015-7903 | SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | [email protected] | 6.5 | 0.67% | 2015-10-28 | 2026-05-06 |
| CVE-2015-7902 | Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of requests. | [email protected] | 5.0 | 12.35% | 2015-10-28 | 2026-05-06 |
| CVE-2015-7901 | Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. | [email protected] | 6.5 | 7.28% | 2015-10-28 | 2026-05-06 |
| CVE-2015-7900 | Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and then visiting a certain status page. | [email protected] | 4.3 | 12.81% | 2015-10-28 | 2026-05-06 |
| CVE-2015-6494 | Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | [email protected] | 3.5 | 1.30% | 2015-10-28 | 2026-05-06 |
| CVE-2015-6493 | Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | [email protected] | 6.8 | 0.32% | 2015-10-28 | 2026-05-06 |
| CVE-2015-1179 | Multiple cross-site scripting (XSS) vulnerabilities in data_point_details.shtm in Mango Automation 2.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dpid, (2) dpxid, or (3) pid parameter. | [email protected] | 4.3 | 0.22% | 2015-01-26 | 2026-05-06 |