Seling

Visual Access Manager

26 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.8

CVE-2023-42241

  • EPSS 0.13%
  • Veröffentlicht 13.01.2025 22:15:12
  • Zuletzt bearbeitet 17.04.2025 16:34:55

An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_anagraphic.php.

3.8

CVE-2023-42240

  • EPSS 0.13%
  • Veröffentlicht 13.01.2025 22:15:12
  • Zuletzt bearbeitet 17.04.2025 16:34:58

An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /monitor/s_scheduledfile.php.

3.8

CVE-2023-42239

  • EPSS 0.13%
  • Veröffentlicht 13.01.2025 22:15:12
  • Zuletzt bearbeitet 17.04.2025 16:35:01

An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_ep.php.

3.8

CVE-2023-42237

  • EPSS 0.13%
  • Veröffentlicht 13.01.2025 22:15:11
  • Zuletzt bearbeitet 17.04.2025 16:35:07

An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple GET parameters of /vam/vam_i_command.php.

3.8

CVE-2023-42236

  • EPSS 0.13%
  • Veröffentlicht 13.01.2025 22:15:11
  • Zuletzt bearbeitet 17.04.2025 16:35:10

An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /common/ajaxfunction.php.

3.8

CVE-2023-42235

  • EPSS 0.14%
  • Veröffentlicht 13.01.2025 22:15:11
  • Zuletzt bearbeitet 17.04.2025 16:35:22

An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple parameters of /monitor/s_normalizedtrans.php.

6.5

CVE-2023-50811

  • EPSS 0.05%
  • Veröffentlicht 19.03.2024 22:15:06
  • Zuletzt bearbeitet 27.03.2025 16:15:20

An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the “computer” POST parameter related to the ID of a specific reception by POST HTTP request interception. Iterating that parameter, it has been possible to access...

7.5

CVE-2019-19986

Exploit
  • EPSS 0.84%
  • Veröffentlicht 26.02.2020 16:15:18
  • Zuletzt bearbeitet 21.11.2024 04:35:47

An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. An attacker without authentication is able to execute arbitrary SQL SELECT statements by injecting the HTTP (POST or GET) parameter persoid into /tools/VamPersonPhoto...

10

CVE-2019-19994

Exploit
  • EPSS 7.34%
  • Veröffentlicht 26.02.2020 16:15:18
  • Zuletzt bearbeitet 21.11.2024 04:35:48

An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows blind Command Injection. An attacker without authentication is able to execute arbitrary operating system command by injecting the vulnerable parameter in t...

5.3

CVE-2019-19993

Exploit
  • EPSS 0.31%
  • Veröffentlicht 26.02.2020 16:15:18
  • Zuletzt bearbeitet 21.11.2024 04:35:48

An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several full path disclosure vulnerability were discovered. A user, even with no authentication, may simply send arbitrary content to the vulnerable pages to generate...