Vulnerabilities in CodeAstro

150 results
Vexday analysis

With 147 CVEs catalogued and 40 that appeared in the last 90 days, CodeAstro's vulnerability portfolio shows a volume of recent discoveries that deserves attention, even though its rate of active exploitation is below the catalogue's overall average, with no entries in the CISA KEV so far. The most common weakness is CWE-89 (SQL injection), a structural pattern that indicates systematic deficiencies in input sanitization and that has historically made working exploits easy to produce; this picture is corroborated by the existence of 40 CVEs with a public PoC available. The most dangerous CVE currently tracked is CVE-2024-7815, with an EPSS score of 0.0113, which suggests a still-low probability of large-scale exploitation in the short term but one that should be monitored given that PoCs are circulating publicly. Security teams that use CodeAstro solutions should prioritize applying recent patches and reviewing database access controls as an immediate mitigation for the dominant risk class.

CVE ID | Severity | Title | EPSS
CVE-2024-7815 | MEDIUM | CodeAstro Online Railway Reservation System Update Employee Page admin-update-employee.php cross site scripting | 1.1%
CVE-2024-2076 | MEDIUM | CodeAstro House Rental Management System tenant.php missing authentication | 0.9%
CVE-2024-13067 | MEDIUM | CodeAstro Online Food Ordering System All Users Page all_users.php access control | 0.8%
CVE-2024-7912 | MEDIUM | CodeAstro Online Railway Reservation System assets exposure of information through directory listing | 0.8%
CVE-2024-0247 | HIGH | CodeAstro Online Food Ordering System Admin Panel sql injection | 0.8%
CVE-2023-5795 | MEDIUM | CodeAstro POS System Profile Picture profil unrestricted upload | 0.8%
CVE-2024-13038 | MEDIUM | CodeAstro Simple Loan Management System Login index.php sql injection | 0.7%
CVE-2023-6773 | MEDIUM | CodeAstro POS and Inventory Management System User Creation register_account access control | 0.7%
CVE-2024-0194 | MEDIUM | CodeAstro Internet Banking System Profile Picture pages_account.php unrestricted upload | 0.7%
CVE-2024-0343 | MEDIUM | CodeAstro Simple House Rental System Login Panel cross site scripting | 0.7%
CVE-2023-5796 | MEDIUM | CodeAstro POS System Logo setting unrestricted upload | 0.7%
CVE-2024-1199 | MEDIUM | CodeAstro Employee Task Management System attendance-info.php denial of service | 0.7%
CVE-2024-2333 | MEDIUM | CodeAstro Membership Management System add_members.php sql injection | 0.7%
CVE-2024-2351 | MEDIUM | CodeAstro Ecommerce Site Search action.php sql injection | 0.7%
CVE-2024-1823 | MEDIUM | CodeAstro Simple Voting System Backend users.php access control | 0.7%
CVE-2023-6774 | MEDIUM | CodeAstro POS and Inventory Management System register_account cross site scripting | 0.7%
CVE-2024-1819 | MEDIUM | CodeAstro Membership Management System Add Members Tab unrestricted upload | 0.7%
CVE-2024-1818 | MEDIUM | CodeAstro Membership Management System Logo unrestricted upload | 0.7%
CVE-2023-5693 | MEDIUM | CodeAstro Internet Banking System pages_reset_pwd.php sql injection | 0.6%
CVE-2024-7910 | MEDIUM | CodeAstro Online Railway Reservation System Profile Photo Update emp-profile-avatar.php unrestricted upload | 0.6%