Aggregates CVE and security vulnerability intelligence across all smarts-srl-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk sql injection and vendor risk command injection, with potential vendor impact data exposure across vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-50717 | SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the client parameter in the /recuperaLog.php component. | [email protected] | 9.8 | 0.85% | 2024-12-27 | 2026-06-17 |
| CVE-2024-50716 | SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the id parameter in the /sendPushManually.php component. | [email protected] | 9.8 | 0.85% | 2024-12-27 | 2026-06-17 |
| CVE-2024-50715 | An issue in smarts-srl.com Smart Agent v.1.1.0 allows a remote attacker to obtain sensitive information via command injection through a vulnerable unsanitized parameter defined in the /youtubeInfo.php component. | [email protected] | 7.5 | 1.34% | 2024-12-27 | 2026-06-17 |
| CVE-2024-50713 | SmartAgent v1.1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tests/interface.php. | [email protected] | 9.8 | 0.50% | 2024-12-27 | 2026-06-17 |