Wawa, Inc.
Company Details
Linkedin ID:
wawa-inc-
Website:
Employees number:
18,645
Number of followers:
106,567
NAICS:
43
Industry Type:
Homepage:
wawa.com
IP Addresses:
4
Company ID:
WAW_2825267
Scan Status:
Completed
Wawa, Inc. Company CyberSecurity Posture
wawa.com
Here at Wawa, the sky's the limit. Voted as “America’s Favorite Convenience Store,” Wawa operates a chain of convenience retail stores located in Pennsylvania, New Jersey, Delaware, Maryland, Indiana, Ohio, Kentucky, Virginia, North Carolina, Georgia, Alabama, Florida, and Washington D.C. We're fast-growing and expanding in 2025 and 2026. Today, Wawa is your all day, every day stop for fresh, built-to-order foods, beverages, coffee, fuel services, and surcharge-free ATMs. We're making every day a little more fulfilling—one smile, hoagie, and experience at a time. We know that it's our Associates who put the "wow" in working at Wawa, so we're invested in giving them the encouragement they need to take flight. By providing flexibility and support, at work and beyond, we create an environment where everyone can thrive. We believe that with the right ingredients to grow and build a career—and a little wind beneath the wings—our Associates can reach new heights. Guided by our commitment to community, Wawa's 46K+ Associates take pride in putting people first, making days brighter, and bringing joy to our friends and neighbors. With opportunities such as volunteering, charitable giving, and events, we're able to extend care beyond the workplace, building stronger neighborhoods and long-lasting relationships. We have benefits that fuel well-being, including:* • Employee Stock Ownership Plan (ESOP) • Tuition Reimbursement • 401(k) Plan • Medical/Dental/Prescription Coverage • Flexible Spending Accounts (Health Care & Dependent Care) • Employee Assistance & Wellness Programs • Employee Credit Union • Paid Time Off • Employee Resource Groups • Parental Leave • Wellness Programs *eligibility requirements may apply Got growth goals? Looking for a supportive flock? Soar with us!
Wawa, Inc. A.I CyberSecurity Scoring
Wawa, Inc. Risk Score (AI oriented)Between 700 and 749
Wawa, Inc.
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Wawa, Inc. Global Score (TPRM)XXXX
Wawa, Inc.
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Wawa, Inc. Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
Wawa
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: In 2019, Wawa experienced a significant data breach lasting **eight months (March 4–December 12)**, where **malware on payment processing servers** exposed **credit/debit card details** (numbers, expiration dates, and cardholder names) of customers across **all 850 stores and fuel pumps**. The breach led to **fraudulent transactions**, prompting a **$9 million settlement** distributed via eGiftCards. Victims received **$5–$500** based on their losses: $5 for fraud with reversed charges, $15 for fraud without out-of-pocket costs, and $500 for verified financial harm. The breach was halted after discovery on **December 10, 2019**, but the prolonged exposure and **customer financial fraud** underscored severe operational and reputational damage. Wawa’s response included direct compensation but faced scrutiny over delayed detection and communication.
Wawa, Inc.
Cyber Attack
Rankiteo Explanation
Attack limited on finance or reputation
Description: The California Office of the Attorney General reported that Wawa, Inc. experienced a data breach involving malware on payment processing servers, discovered on December 10, 2019, and contained by December 12, 2019. The breach potentially affected payment card information of individuals using cards at Wawa locations from March 4, 2019, to December 12, 2019, though the exact number of affected individuals is unknown.
Wawa, Inc. Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Wawa, Inc.
Incidents vs Retail Industry Average (This Year)
No incidents recorded for Wawa, Inc. in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Wawa, Inc. in 2025.
Incident Types Wawa, Inc. vs Retail Industry Avg (This Year)
No incidents recorded for Wawa, Inc. in 2025.
Incident History — Wawa, Inc. (X = Date, Y = Severity)
Wawa, Inc. cyber incidents detection timeline including parent company and subsidiaries
Wawa, Inc. Company Subsidiaries
Here at Wawa, the sky's the limit. Voted as “America’s Favorite Convenience Store,” Wawa operates a chain of convenience retail stores located in Pennsylvania, New Jersey, Delaware, Maryland, Indiana, Ohio, Kentucky, Virginia, North Carolina, Georgia, Alabama, Florida, and Washington D.C. We're fast-growing and expanding in 2025 and 2026. Today, Wawa is your all day, every day stop for fresh, built-to-order foods, beverages, coffee, fuel services, and surcharge-free ATMs. We're making every day a little more fulfilling—one smile, hoagie, and experience at a time. We know that it's our Associates who put the "wow" in working at Wawa, so we're invested in giving them the encouragement they need to take flight. By providing flexibility and support, at work and beyond, we create an environment where everyone can thrive. We believe that with the right ingredients to grow and build a career—and a little wind beneath the wings—our Associates can reach new heights. Guided by our commitment to community, Wawa's 46K+ Associates take pride in putting people first, making days brighter, and bringing joy to our friends and neighbors. With opportunities such as volunteering, charitable giving, and events, we're able to extend care beyond the workplace, building stronger neighborhoods and long-lasting relationships. We have benefits that fuel well-being, including:* • Employee Stock Ownership Plan (ESOP) • Tuition Reimbursement • 401(k) Plan • Medical/Dental/Prescription Coverage • Flexible Spending Accounts (Health Care & Dependent Care) • Employee Assistance & Wellness Programs • Employee Credit Union • Paid Time Off • Employee Resource Groups • Parental Leave • Wellness Programs *eligibility requirements may apply Got growth goals? Looking for a supportive flock? Soar with us!
Loading...
Wawa, Inc. Similar Companies
Victoria’s Secret & Co. (NYSE: VSCO) is a specialty retailer of modern, fashion-inspired collections including signature bras, panties, lingerie, casual sleepwear, athleisure and swim, as well as award-winning prestige fragrances and body care. VS&Co is comprised of market leading brands, Victoria’s
Primark
Primark is an international fashion retailer employing more than 80,000 colleagues across 17 countries in Europe and the US. Founded in Ireland in 1969 under the Penneys brand, Primark aims to provide affordable choices for everyone, from great quality everyday essentials to stand-out style across w
Walmart
Sixty years ago, Sam Walton started a single mom-and-pop shop and transformed it into the world’s biggest retailer. Since those founding days, one thing has remained consistent: our commitment to helping our customers save money so they can live better. Today, we’re reinventing the shopping experien
Walmart Canada
Walmart Canada operates a chain of more than 400 stores nationwide serving 1.5 million customers each day. Walmart Canada's flagship online store, Walmart.ca is visited by more than 1.5 million customers daily. With more than 100,000 associates, Walmart Canada is one of Canada's largest employers an
Indomaret Group
Originated from the idea to facilitate the provision of employees’ basic daily needs, a store, known as Indomaret, was established in 1988. As the store developed, the Company were interested to further explore and understand the consumers’ various needs and shopping behaviors. Hence, several employ
Raia
Nossa página oficial no LinkedIn é https://bit.ly/2XT3eZl Fundada em 1905 na cidade de Araraquara, a Raia é uma das bandeiras da RD Saúde (Raia Drogasil S.A.) e possui mais de 1000 farmácias em todo o Brasil. A RD Saúde é um ecossistema de saúde integral, com 3 mil farmácias em todo o Brasil e neg
Dollar General
Dollar General has been Serving Others for approximately 85 years. With approximately 20,000 stores, we serve communities across the country, from right around the corner. We exist to provide convenience, quality, and value, so our customers can get back to what's important. Our products include hig
Azadea Group
AZADEA Group is a premier lifestyle retail company that owns and operates more than 40+ leading international franchise concepts across the Middle East and Africa. With over 13,500 employees, dedicated offices in every market it operates, and world-class infrastructure, the company oversees over 700
Target is one of the world’s most recognized brands and one of America’s leading retailers. We make Target our guests’ preferred shopping destination by offering outstanding value, inspiration, innovation and an exceptional guest experience that no other retailer can deliver. Target is committed to
.png)
Wawa, Inc. CyberSecurity News
September 02, 2025 07:00 AM
Saquon Barkley Partners with Wawa in a New Commercial to Celebrate Fans
Wawa and the Philadelphia Eagles' running back collaborated to announce a brand-new hoagie, “The Saquon,” just in time for football season...
August 13, 2025 07:00 AM
Wawa Announces Plans to Expand in Middle Tennessee; Breaks Ground on First Stores
Community Day and Groundbreaking Events Included VIP Customers, Wawa Products and Remarks from Leadership on GrowthWAWA, Pa., Aug.
June 25, 2025 07:00 AM
Court Approves $3.2 Million Fee Award in Wawa Breach Deal (1)
A $3.2 million attorneys' fee award in a class action over a 2019 data breach suffered by the Wawa Inc. convenience-store chain that resulted in a $12.2...
April 02, 2025 07:00 AM
Wawa breaks ground on new Staunton location as part of westward Va. expansion
Wawa held a groundbreaking ceremony Wednesday at its future location in Staunton, right along the stretch of Richmond Avenue near the...
November 21, 2024 06:16 PM
Forbes Most Trusted Companies in America 2026 List
Forbes' 2026 list of Most Trusted Companies in America showcases the businesses with the most confidence from customers, employees and investors.
September 27, 2024 07:00 AM
Wawa Offers Free Hot Coffee and Fountain Beverages for First Responders, National Guard and Emergency Personnel in Florida During Response to Hurricane Helene
Wawa, Inc. First responders can visit any Florida store from September 26-29. WAWA, Pa., Sept. 27, 2024 (GLOBE NEWSWIRE) -- To support...
September 19, 2024 07:00 AM
Pennsylvania BF&R Grants Refund to Steadfast Company!
WaWa, Inc. wins sales tax refunds for software used outside Pennsylvania. Learn how the Pennsylvania BF&R ruled in favor of out-of-state...
August 13, 2024 10:34 PM
Wawa caters to retail customers with digital offerings
Wawa's goal is to create a unified commerce strategy — augmenting human action with digital enhancements for greater experiences for both customers and...
May 22, 2024 07:00 AM
Credit card skimmer found on self-checkout register inside Towson Wawa
A credit card skimmer was found inside a Wawa gas station in Baltimore County. "I think it's super alarming because we come here, like, every single day, and...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Wawa, Inc. CyberSecurity History Information
Official Website of Wawa, Inc.
The official website of Wawa, Inc. is http://www.wawa.com.
Wawa, Inc.’s AI-Generated Cybersecurity Score
According to Rankiteo, Wawa, Inc.’s AI-generated cybersecurity score is 749, reflecting their Moderate security posture.
How many security badges does Wawa, Inc.’ have ?
According to Rankiteo, Wawa, Inc. currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Wawa, Inc. have SOC 2 Type 1 certification ?
According to Rankiteo, Wawa, Inc. is not certified under SOC 2 Type 1.
Does Wawa, Inc. have SOC 2 Type 2 certification ?
According to Rankiteo, Wawa, Inc. does not hold a SOC 2 Type 2 certification.
Does Wawa, Inc. comply with GDPR ?
According to Rankiteo, Wawa, Inc. is not listed as GDPR compliant.
Does Wawa, Inc. have PCI DSS certification ?
According to Rankiteo, Wawa, Inc. does not currently maintain PCI DSS compliance.
Does Wawa, Inc. comply with HIPAA ?
According to Rankiteo, Wawa, Inc. is not compliant with HIPAA regulations.
Does Wawa, Inc. have ISO 27001 certification ?
According to Rankiteo,Wawa, Inc. is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Wawa, Inc.
Wawa, Inc. operates primarily in the Retail industry.
Number of Employees at Wawa, Inc.
Wawa, Inc. employs approximately 18,645 people worldwide.
Subsidiaries Owned by Wawa, Inc.
Wawa, Inc. presently has no subsidiaries across any sectors.
Wawa, Inc.’s LinkedIn Followers
Wawa, Inc.’s official LinkedIn profile has approximately 106,567 followers.
NAICS Classification of Wawa, Inc.
Wawa, Inc. is classified under the NAICS code 43, which corresponds to Retail Trade.
Wawa, Inc.’s Presence on Crunchbase
Yes, Wawa, Inc. has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/wawa-inc.
Wawa, Inc.’s Presence on LinkedIn
Yes, Wawa, Inc. maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/wawa-inc-.
Cybersecurity Incidents Involving Wawa, Inc.
As of December 14, 2025, Rankiteo reports that Wawa, Inc. has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Wawa, Inc. has an estimated 15,525 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Wawa, Inc. ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Breach.
What was the total financial impact of these incidents on Wawa, Inc. ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $9 million.
How does Wawa, Inc. detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with contained by december 12, 2019, and incident response plan activated with yes (discovered on dec 10, 2019; contained by dec 12, 2019), and containment measures with malware removal from payment servers, and recovery measures with $9m settlement with egiftcard payouts to affected customers, and communication strategy with email notifications to affected customers (sent nov 19, 2021+), communication strategy with public settlement details..
Incident Details
Can you provide details on each incident ?
Title: Wawa Data Breach
Description: The California Office of the Attorney General reported that Wawa, Inc. experienced a data breach involving malware on payment processing servers, discovered on December 10, 2019, and contained by December 12, 2019. The breach potentially affected payment card information of individuals using cards at Wawa locations from March 4, 2019, to December 12, 2019, though the exact number of affected individuals is unknown.
Date Detected: 2019-12-10
Date Resolved: 2019-12-12
Type: Data Breach
Attack Vector: Malware
Title: Wawa Data Breach (2019) – Exposure of Customer Payment Card Data
Description: Between March 4 and December 12, 2019, malware on Wawa's payment processing servers exposed credit and debit card data (including card numbers, expiration dates, and cardholder names) of customers who used their cards at any of Wawa's 850 stores or fuel pumps. The breach was discovered on December 10, 2019, and contained two days later. A $9 million settlement was reached, with affected customers receiving eGiftCards of varying amounts ($5, $15, or $500) based on their fraud-related losses. The breach lasted approximately 8 months and impacted millions of customers.
Date Detected: 2019-12-10
Date Resolved: 2019-12-12
Type: data breach
Attack Vector: malware on payment processing servers
Motivation: financial gain (likely theft of payment card data for fraud)
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach WAW739072825
Data Compromised: Payment card information
Systems Affected: Payment processing servers
Payment Information Risk: High
Incident : data breach WAW1302913112225
Financial Loss: $9 million (settlement payout)
Data Compromised: Credit/debit card numbers, Card expiration dates, Cardholder names
Systems Affected: payment processing servers
Downtime: 2 days (containment period)
Brand Reputation Impact: moderate (public breach disclosure and settlement)
Legal Liabilities: $9 million settlement
Identity Theft Risk: high (payment card data exposed)
Payment Information Risk: high (full card details compromised)
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $4.50 million.
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Payment card information, Payment Card Data (Pii) and .
Which entities were affected by each incident ?
Incident : Data Breach WAW739072825
Entity Name: Wawa, Inc.
Entity Type: Company
Industry: Retail
Location: Multiple locations
Customers Affected: Unknown
Incident : data breach WAW1302913112225
Entity Name: Wawa, Inc.
Entity Type: retail/convenience store chain
Industry: Retail (Food & Beverage, Fuel)
Location: Primarily U.S. East Coast (850 stores)
Customers Affected: millions (all customers who used cards at Wawa stores/fuel pumps between March 4–December 12, 2019)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach WAW739072825
Containment Measures: Contained by December 12, 2019
Incident : data breach WAW1302913112225
Incident Response Plan Activated: yes (discovered on Dec 10, 2019; contained by Dec 12, 2019)
Containment Measures: malware removal from payment servers
Recovery Measures: $9M settlement with eGiftCard payouts to affected customers
Communication Strategy: email notifications to affected customers (sent Nov 19, 2021+)public settlement details
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach WAW739072825
Type of Data Compromised: Payment card information
Number of Records Exposed: Unknown
Sensitivity of Data: High
Incident : data breach WAW1302913112225
Type of Data Compromised: Payment card data (pii)
Number of Records Exposed: millions (exact number undisclosed)
Sensitivity of Data: high (full payment card details)
Data Exfiltration: likely (malware designed to steal card data)
Personally Identifiable Information: cardholder namescard numbersexpiration dates
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by contained by december 12, 2019, malware removal from payment servers and .
Ransomware Information
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through $9M settlement with eGiftCard payouts to affected customers, .
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : data breach WAW1302913112225
Legal Actions: class-action lawsuit settlement ($9M),
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through class-action lawsuit settlement ($9M), .
References
Where can I find more information about each incident ?
Incident : Data Breach WAW739072825
Source: California Office of the Attorney General
Incident : data breach WAW1302913112225
Source: New Jersey 101.5 (Townsquare Media)
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney General, and Source: New Jersey 101.5 (Townsquare Media).
Investigation Status
What is the current status of the investigation for each incident ?
Incident : data breach WAW1302913112225
Investigation Status: resolved (settlement reached)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Email Notifications To Affected Customers (Sent Nov 19, 2021+) and Public Settlement Details.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : data breach WAW1302913112225
Customer Advisories: eGiftCard settlement emails (sent Nov 19, 2021+) with subject line 'Wawa Settlement eGift Card'
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Egiftcard Settlement Emails (Sent Nov 19, 2021+) With Subject Line 'Wawa Settlement Egift Card' and .
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : data breach WAW1302913112225
Root Causes: Malware Infection On Payment Processing Servers,
Corrective Actions: Settlement Payouts, Likely Security Upgrades (Undisclosed),
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Settlement Payouts, Likely Security Upgrades (Undisclosed), .
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2019-12-10.
What was the most recent incident resolved ?
Most Recent Incident Resolved: The most recent incident resolved was on 2019-12-12.
Impact of the Incidents
What was the highest financial loss from an incident ?
Highest Financial Loss: The highest financial loss from an incident was $9 million (settlement payout).
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Payment card information, credit/debit card numbers, card expiration dates, cardholder names and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was payment processing servers.
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Contained by December 12, 2019 and malware removal from payment servers.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were credit/debit card numbers, Payment card information, cardholder names and card expiration dates.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 0.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was class-action lawsuit settlement ($9M), .
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are New Jersey 101.5 (Townsquare Media) and California Office of the Attorney General.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is resolved (settlement reached).
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an eGiftCard settlement emails (sent Nov 19 and 2021+) with subject line 'Wawa Settlement eGift Card'.
.png)
Latest Global CVEs (Not Company-Specific)
Description
PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. In versions 2.5.377 and below, an unchecked offset and size used in a memcpy operation inside PCSX2's CDVD SCMD 0x91 and SCMD 0x8F handlers allow a specially crafted disc image or ELF to cause an out-of-bounds read from emulator memory. Because the offset and size is controlled through MG header fields, a specially crafted ELF can read data beyond the bounds of mg_buffer and have it reflected back into emulated memory. This issue is fixed in version 2.5.378.
Risk Information
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. In versions 3.3 and below, incorrect handling of malformed data in Java-based decompressor implementations for Snappy and LZ4 allow remote attackers to read previous buffer contents via crafted compressed input. With certain crafted compressed inputs, elements from the output buffer can end up in the uncompressed output, potentially leaking sensitive data. This is relevant for applications that reuse the same output buffer to uncompress multiple inputs. This can be the case of a web server that allocates a fix-sized buffer for performance purposes. There is similar vulnerability in GHSA-cmp6-m4wj-q63q. This issue is fixed in version 3.4.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/?page=zone. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability has been found in itsourcecode COVID Tracking System 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A flaw has been found in campcodes Online Student Enrollment System 1.0. This impacts an unknown function of the file /admin/register.php. Executing manipulation of the argument photo can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=wawa-inc-' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
