Filtered by vendor Eveo
Subscriptions
Filtered by product Urve Web Manager
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-36846 | 1 Eveo | 1 Urve Web Manager | 2025-07-22 | 9.8 Critical |
| An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /_internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed directly into the shell_exec() function of PHP. NOTE: this can be chained with CVE-2025-36845. | ||||
| CVE-2022-2418 | 1 Eveo | 1 Urve Web Manager | 2025-04-15 | 8 High |
| A vulnerability was found in URVE Web Manager. It has been classified as critical. This affects an unknown part of the file kreator.html5/img_upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-2419 | 1 Eveo | 1 Urve Web Manager | 2025-04-15 | 8 High |
| A vulnerability was found in URVE Web Manager. It has been declared as critical. This vulnerability affects unknown code of the file _internal/collector/upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-2420 | 1 Eveo | 1 Urve Web Manager | 2025-04-15 | 8 High |
| A vulnerability was found in URVE Web Manager. It has been rated as critical. This issue affects some unknown processing of the file _internal/uploader.php. The manipulation leads to unrestricted upload. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used. | ||||
Page 1 of 1.