
Mango, one of the leading international fashion groups, is a global company with design and creativity at the heart of its business model and a strategy based on constant innovation, the pursuit of sustainability and a complete ecosystem of channels and partners. With its roots in Barcelona, one of the cradles of the textile industry, since it was founded in 1984, Mango has spent four decades looking to the future and inspiring the world with its passion for fashion and lifestyle. With the customer always its priority, the company bases its model on a unique fashion proposal focused on translating key fashion trends into its own language. At the Campus Mango, located at the company headquarters (Palau-solità i Plegamans, Barcelona), the company works on all areas related to creativity and every year creates over 18,000 garments and accessories. Present in more than 120 markets and with a network of close to 2,850 points of sales, Mango adapts to each country with a complete ecosystem of channels and international partners. The company closed 2024 with a turnover of 3.3 billion euros, with 32% of turnover coming from its online channel and with a workforce of more than 16,400 employees in all five continents. More information at www.mangofashiongroup.com

MANGO A.I CyberSecurity Scoring

MANGO

Company Details

LinkedIn ID: mango
Employees number: 11,444
Number of followers: 1,021,951
NAICS: 448
Industry Type: Retail Apparel and Fashion
Homepage: mango.com
IP Addresses: 0
Company ID: MAN_2259738
Scan Status: In-progress

MANGO Risk Score (AI oriented)

Between 700 and 749

  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score to calculate premiums
MANGO Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

MANGO Company CyberSecurity News & History

Past Incidents: 1
Attack Types: 1

Entity: Mango
Type: Breach
Severity: 85
Impact: 4
Seen: 10/2025

Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: Mango, a global retail brand with over 2,500 stores across 120 markets, experienced a **third-party data breach** via an external marketing services provider. The incident exposed **customer personal data**, including first names, countries, postal codes, email addresses, and phone numbers. However, **no financial data** (e.g., banking details, credit card info, IDs, passports) or login credentials were compromised. The breach triggered notifications to affected customers, warning of potential phishing and social engineering risks. Authorities, including Spain’s Data Protection Agency (AEPD) and law enforcement, were informed. While Mango’s own infrastructure remained unaffected, the attack aligns with a recent wave of retail breaches linked to the **ShinyHunters** extortion group, which exfiltrates data and demands ransom under threat of public leaks. The company did not disclose the third-party vendor or the exact number of impacted customers.

Underwriter Stats for MANGO

Incidents vs Retail Apparel and Fashion Industry Average (This Year)

MANGO has 16.28% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

MANGO has 28.21% more incidents than the average of all companies with at least one recorded incident.

Incident Types MANGO vs Retail Apparel and Fashion Industry Avg (This Year)

MANGO reported 1 incident this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breach, compared to industry peers with at least 1 incident.

[Figure: Incident History for MANGO (X = Date, Y = Severity); detection timeline of MANGO cyber incidents, including parent company and subsidiaries]


MANGO Similar Companies

Ralph Lauren

Ralph Lauren Corporation (NYSE:RL) is a global leader in the design, marketing and distribution of luxury lifestyle products in five categories: apparel, footwear & accessories, home, fragrances and hospitality. For more than 50 years, Ralph Lauren has sought to inspire the dream of a better life th

HUGO BOSS

At HUGO BOSS, we firmly believe that the passion and dedication of our employees is the essence for the successful execution of our “CLAIM 5” growth strategy. A strong commitment to empowering people and teams is therefore firmly anchored in “CLAIM 5”. In this context, our HUGO BOSS values – entrepr

Coach

Coach was founded in 1941 as a family-run workshop. In a Manhattan loft, six artisans handcrafted a collection of leather goods using skills handed down from generation to generation. Discerning consumers soon began to seek out the quality and unique nature of Coach craftsmanship. Now greatly exp

Tapestry

Our global house of brands unites the magic of Coach and Kate Spade New York. By intertwining different people and ideas, we push ourselves in our work and expand the bounds of possibility. Learn about our iconic brands: tapestry.com/our-brands We’ve grown by finding people dedicated to the dream a

J.Crew

Since 1983, we’ve been designing pieces that feel both familiar and refreshingly new, crafted with unbeatable quality and distinctive point of view...it’s no wonder we’ve been in your closet for four decades and counting. Today, we continue to do the classics our way, inspiring not only how you sho

Saks Global

Saks Global is the largest multi-brand luxury retailer in the world, comprising Saks Fifth Avenue, Neiman Marcus, Bergdorf Goodman, Saks OFF 5TH, Last Call and Horchow. Its retail portfolio includes 70 full-line luxury locations, additional off-price locations and five distinct e-commerce experience

Under Armour

Under Armour is obsessed with being better, stronger, and more focused than anyone else out there. Our mission: to make athletes better. Our vision: to inspire you with performance solutions you never knew you needed and can’t imagine living without. Our values define and unite us, the belief

Aditya Birla Fashion and Retail Ltd.

Aditya Birla Fashion and Retail Ltd. (ABFRL) emerged after the consolidation of the branded apparel businesses of Aditya Birla Group comprising ABNL's Madura Fashion division and ABNL's subsidiaries Pantaloons Fashion and Retail (PFRL) and Madura Fashion & Lifestyle (MFL) in May 2015. Post the conso

C&A Brasil

C&A was founded in 1841 by the Dutch brothers Clemens and August. Their initials gave rise to the brand name. We have more than 1,800 stores in 24 countries across Europe, Latin America and Asia, and we are among the largest retail chains in the world. In Brazil, it all began in 1976, with the opening of the

MANGO CyberSecurity News

December 02, 2025 01:37 PM
Iran-Linked Hackers Hit Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks

MuddyWater is targeting multiple Israeli sectors using its new MuddyViper backdoor, advanced loaders, and credential-stealing tools.

November 05, 2025 08:00 AM
Mysterious 'SmudgedSerpent' Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions

A never-before-seen threat activity cluster codenamed UNK_SmudgedSerpent has been attributed as behind a set of cyber attacks targeting...

November 04, 2025 08:00 AM
When your partners become your weakest link: Lessons from Qantas and Mango

The Qantas and Mango breaches reveal how third-party cyber risks threaten Southeast Asian businesses through shared vendors,...

October 31, 2025 07:00 AM
In Other News: WhatsApp Passkey-Encrypted Backups, Russia Targets Meduza Malware, New Mastercard Solution

Several interesting Android malware families, UN cybercrime treaty, criminal complaint against Clearview AI in Europe.

October 24, 2025 07:00 AM
In Other News: iOS 26 Deletes Spyware Evidence, Shadow Escape Attack, Cyber Exec Sold Secrets to Russia

Everest group takes credit for Collins Aerospace hack, Maryland launches VDP, gamers targeted with red teaming tool and RAT.

October 21, 2025 07:00 AM
Global cyber attacks spark legal wave hitting smaller organizations hardest

As global brands, from Mango and Jaguar Land Rover to Gucci and British Airways, confront major cyber disruptions, legal experts say that...

October 21, 2025 07:00 AM
Third-Party Data Breach at Spanish Global Fashion Retailer MANGO Leaks Customer Information

Spanish multinational fashion retailer MANGO has recently experienced a third-party data breach that exposed customer information from a...

October 17, 2025 07:00 AM
In Other News: CrowdStrike Vulnerabilities, CISA Layoffs, Mango Data Breach

Capita fined £14 million, ICTBroadcast vulnerability exploited, Spyware maker NSO acquired, CISA layoffs, Mango data breach.

October 17, 2025 07:00 AM
Mango warns of cyberattack that has exposed customer data in Spain

The fashion firm says that the incident has not compromised sensitive data such as banking information, identity documents or access...

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

MANGO CyberSecurity History Information

Official Website of MANGO

The official website of MANGO is https://jobs.mango.com/.

MANGO’s AI-Generated Cybersecurity Score

According to Rankiteo, MANGO’s AI-generated cybersecurity score is 748, reflecting their Moderate security posture.

How many security badges does MANGO have ?

According to Rankiteo, MANGO currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does MANGO have SOC 2 Type 1 certification ?

According to Rankiteo, MANGO is not certified under SOC 2 Type 1.

Does MANGO have SOC 2 Type 2 certification ?

According to Rankiteo, MANGO does not hold a SOC 2 Type 2 certification.

Does MANGO comply with GDPR ?

According to Rankiteo, MANGO is not listed as GDPR compliant.

Does MANGO have PCI DSS certification ?

According to Rankiteo, MANGO does not currently maintain PCI DSS compliance.

Does MANGO comply with HIPAA ?

According to Rankiteo, MANGO is not compliant with HIPAA regulations.

Does MANGO have ISO 27001 certification ?

According to Rankiteo, MANGO is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of MANGO

MANGO operates primarily in the Retail Apparel and Fashion industry.

Number of Employees at MANGO

MANGO employs approximately 11,444 people worldwide.

Subsidiaries Owned by MANGO

MANGO presently has no subsidiaries across any sectors.

MANGO’s LinkedIn Followers

MANGO’s official LinkedIn profile has approximately 1,021,951 followers.

NAICS Classification of MANGO

MANGO is classified under the NAICS code 448, which corresponds to Clothing and Clothing Accessories Stores.

MANGO’s Presence on Crunchbase

No, MANGO does not have a profile on Crunchbase.

MANGO’s Presence on LinkedIn

Yes, MANGO maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/mango.

Cybersecurity Incidents Involving MANGO

As of December 14, 2025, Rankiteo reports that MANGO has experienced 1 cybersecurity incident.

Number of Peer and Competitor Companies

MANGO has an estimated 4,917 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at MANGO ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach.

How does MANGO detect and respond to cybersecurity incidents ?

Detection and Response: The company's recorded detection and response measures are: incident response plan activated (standard security protocols triggered); law enforcement notified (Spanish police); remediation measures of customer notifications (phishing warnings) and regulatory disclosure (AEPD); and a communication strategy of customer breach notifications and public disclosure via media.

Incident Details

Can you provide details on each incident ?

Incident : data breach

Title: Mango Third-Party Data Breach Exposing Customer Details

Description: Mango, a global retail powerhouse with over 2,500 stores in 120+ markets, suffered a third-party data breach exposing customer details (first names, countries, postal codes, email addresses, and phone numbers). No financial data (banking, credit cards, IDs, passwords) was compromised. The breach was linked to an external marketing services provider. ShinyHunters, a known data extortion group, is suspected. Mango notified customers of potential phishing risks and informed Spanish authorities (AEPD) and law enforcement. The company's infrastructure remained unaffected, and operations continued normally.

Type: data breach

Attack Vector: third-party vendor compromise, supply chain attack

Threat Actor: ShinyHunters (suspected)

Motivation: data theft, extortion, financial gain (potential ransom)

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The attack vector identified in incidents is a compromised external marketing services provider.

Impact of the Incidents

What was the impact of each incident ?

Incident : data breach MAN2192421101625

Data Compromised: First names, Countries, Postal codes, Email addresses, Phone numbers

Systems Affected: external marketing services provider

Downtime: none (company operations continued normally)

Operational Impact: none reported

Brand Reputation Impact: potential reputational damage due to customer data exposure, risk of phishing attacks targeting customers

Legal Liabilities: potential regulatory scrutiny (e.g., GDPR), risk of class-action lawsuits if data leaked

Identity Theft Risk: low (no financial/PII like IDs or passwords compromised); phishing risk due to exposed contact details

Payment Information Risk: none (no financial data exposed)

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The type of data most commonly compromised in incidents is Personal Data (Non-Financial).

Which entities were affected by each incident ?

Incident : data breach MAN2192421101625

Entity Name: Mango

Entity Type: retailer

Industry: fashion/retail

Location: global (HQ in Spain)

Size: 2,500+ stores, 120+ markets

Customers Affected: undisclosed number

Response to the Incidents

What measures were taken in response to each incident ?

Incident : data breach MAN2192421101625

Incident Response Plan Activated: yes (standard security protocols triggered)

Law Enforcement Notified: yes (Spanish police)

Remediation Measures: customer notifications (phishing warnings), regulatory disclosure (AEPD)

Communication Strategy: customer breach notifications, public disclosure via media

Data Breach Information

What type of data was compromised in each breach ?

Incident : data breach MAN2192421101625

Type of Data Compromised: Personal data (non-financial)

Number of Records Exposed: undisclosed

Sensitivity of Data: moderate (contact details but no financial/PII like IDs or passwords)

Data Exfiltration: yes (by attackers)

Personally Identifiable Information: partial (first names, email, phone, location data)

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: customer notifications (phishing warnings), regulatory disclosure (AEPD).

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : data breach MAN2192421101625

Data Encryption: no (data exfiltration-only attack by ShinyHunters)

Data Exfiltration: yes

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : data breach MAN2192421101625

Regulations Violated: potential GDPR (EU General Data Protection Regulation)

Legal Actions: none reported yet, risk of class-action lawsuits if data leaked

Regulatory Notifications: Spanish Data Protection Agency (AEPD)

How does the company ensure compliance with regulatory requirements ?

Ensuring Regulatory Compliance: The entry recorded for regulatory compliance is: none reported yet, risk of class-action lawsuits if data leaked.

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : data breach MAN2192421101625

Lessons Learned:
  • Third-party supplier risks remain under-assessed in retail sector.
  • Implicit trust in suppliers can lead to supply chain attacks.
  • Need for better containment strategies to limit impact of breaches.
  • Proactive customer communication is critical to mitigate phishing risks post-breach.

What recommendations were made to prevent future incidents ?

Incident : data breach MAN2192421101625

Recommendations:
  • Conduct thorough third-party vendor risk assessments, especially for suppliers handling customer data.
  • Implement zero-trust architectures to limit lateral movement in supply chain attacks.
  • Enhance monitoring for data exfiltration attempts from third-party systems.
  • Develop incident response playbooks specifically for third-party breaches.
  • Educate customers on phishing risks following data exposure incidents.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are: third-party supplier risks remain under-assessed in retail sector; implicit trust in suppliers can lead to supply chain attacks; need for better containment strategies to limit impact of breaches; proactive customer communication is critical to mitigate phishing risks post-breach.

References

Where can I find more information about each incident ?

Incident : data breach MAN2192421101625

Source: TechRadar via Cybernews

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the source: TechRadar via Cybernews.

Investigation Status

What is the current status of the investigation for each incident ?

Incident : data breach MAN2192421101625

Investigation Status: ongoing (third-party vendor and threat actor not publicly identified)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Customer Breach Notifications and Public Disclosure Via Media.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : data breach MAN2192421101625

Stakeholder Advisories: notifications to Spanish Data Protection Agency (AEPD), law enforcement engagement.

Customer Advisories: breach notifications with phishing warnings issued to affected customers

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: notifications to the Spanish Data Protection Agency (AEPD), law enforcement engagement, and breach notifications with phishing warnings issued to affected customers.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : data breach MAN2192421101625

Entry Point: Compromised External Marketing Services Provider

High Value Targets: Customer Databases

Data Sold on Dark Web: Customer Databases

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : data breach MAN2192421101625

Root Causes:
  • Insufficient third-party vendor security controls.
  • Lack of segmentation between supplier systems and customer data.
  • Over-reliance on implicit trust in supply chain partners.

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking group in the last incident was ShinyHunters (suspected).

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were first names, countries, postal codes, email addresses and phone numbers.

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant system affected in an incident was external marketing services provider.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were postal codes, countries, phone numbers, email addresses and first names.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 0.

Regulatory Compliance

What was the most significant legal action taken for a regulatory violation ?

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was: none reported yet, risk of class-action lawsuits if data leaked.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Proactive customer communication is critical to mitigate phishing risks post-breach.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: educate customers on phishing risks following data exposure incidents; enhance monitoring for data exfiltration attempts from third-party systems; develop incident response playbooks specifically for third-party breaches; conduct thorough third-party vendor risk assessments, especially for suppliers handling customer data; and implement zero-trust architectures to limit lateral movement in supply chain attacks.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent source of information about an incident is TechRadar via Cybernews.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is ongoing (third-party vendor and threat actor not publicly identified).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was notifications to Spanish Data Protection Agency (AEPD), law enforcement engagement.

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisory issued was breach notifications with phishing warnings issued to affected customers.

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=mango' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

  • Incident
  • Finding
  • Grade
  • Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.