Simone Aiello

3 exploits, active since Aug 2025
CVE-2025-51627 WRITEUP MEDIUM
Agenzia Impresa Eccobook v2.81.1 - Privilege Escalation
Incorrect access control in CaricaVerbale in Agenzia Impresa Eccobook v2.81.1 allows authenticated attackers with low-level access to escalate privileges to Administrator.
CVSS 6.5
CVE-2025-51628 WRITEUP HIGH
Agenzia Impresa Eccobook <v2.81.1 - IDOR
An Insecure Direct Object Reference (IDOR) vulnerability in the PdfHandler component of Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter.
CVSS 7.5
CVE-2025-51629 WRITEUP HIGH
Agenzia Impresa Eccobook 2.81.1 - XSS
A cross-site scripting (XSS) vulnerability in the PdfViewer component of Agenzia Impresa Eccobook 2.81.1 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Temp parameter.
CVSS 8.8