Filtered by vendor Ofofonobsdev
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-4306 | 1 Ofofonobsdev | 1 Hubbank | 2025-04-23 | 9.9 Critical |
| Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution. | ||||
| CVE-2024-4307 | 1 Ofofonobsdev | 1 Hubbank | 2025-04-23 | 8.1 High |
| SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/accounts/activities.php?id=1, /accounts/view-deposit.php?id=1, /accounts/view_cards. php?id=1, /accounts/wire-transfer.php?id=1 and /accounts/wiretransfer-pending.php?id=1, id parameter) and retrieve the information stored in the database. | ||||
| CVE-2024-4308 | 1 Ofofonobsdev | 1 Hubbank | 2025-04-23 | 8.1 High |
| SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/admin/view_users.php?id=1,/admin/viewloan-trans.php?id=1,/admin/view-deposit.php?id=1,/admin/view-domtrans.php?id=1, /admin/delete_cards.php?id=1,/admin/view_cards.php?id=1 and /admin/view_users.php?id=1, id parameter) and retrieve the information stored in the database. | ||||
| CVE-2024-4309 | 2 Ofofonobs, Ofofonobsdev | 2 Hubbank, Hubbank | 2025-04-23 | 8.1 High |
| SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/user/transaction.php?id=1, /user/credit-debit_transaction.php?id=1,/user/view_transaction. php?id=1 and /user/viewloantrans.php?id=1, id parameter) and retrieve the information stored in the database. | ||||
| CVE-2024-4310 | 1 Ofofonobsdev | 1 Hubbank | 2025-04-23 | 6.3 Medium |
| Cross-site Scripting (XSS) vulnerability in HubBank affecting version 1.0.2. This vulnerability allows an attacker to send a specially crafted JavaScript payload to registration and profile forms and trigger the payload when any authenticated user loads the page, resulting in a session takeover. | ||||
Page 1 of 1.