OpenCVE

Filtered by vendor Precurio Subscriptions

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2018-25168	1 Precurio	1 Precurio	2026-03-06	4.3 Medium
Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. Attackers can forge requests to the /public/admin/user/submitnew endpoint with user creation parameters to add new admin accounts without requiring CSRF tokens or user interaction.
CVE-2016-10759	1 Precurio	1 Precurio	2024-11-21	N/A
The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resultant arbitrary code execution, via ExtendedFileManager/Classes/ExtendedFileManager.php because ExtendedFileManager can be used to rename the .htaccess file that blocks .php uploads.

Page 1 of 1.