Filtered by vendor Precurio
Subscribe
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-32989 | 1 Precurio | 1 Intranet Portal | 2026-04-16 | N/A | 8.8 HIGH |
| Precurio Intranet Portal 4.4 contains a cross-site request forgery vulnerability that allows attackers to induce authenticated users to submit crafted requests to a profile update endpoint handling file uploads. Attackers can exploit this to upload executable files to web-accessible locations, leading to arbitrary code execution in the context of the web server. | |||||
| CVE-2016-10759 | 1 Precurio | 1 Precurio | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resultant arbitrary code execution, via ExtendedFileManager/Classes/ExtendedFileManager.php because ExtendedFileManager can be used to rename the .htaccess file that blocks .php uploads. | |||||