Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5
CVE-2023-4037
- EPSS 0.05%
- Veröffentlicht 04.10.2023 12:15:10
- Zuletzt bearbeitet 21.11.2024 08:34:16
Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially crafted SQL query to the xml parameter.
7.5
CVE-2023-3512
- EPSS 0.1%
- Veröffentlicht 04.10.2023 11:15:10
- Zuletzt bearbeitet 21.11.2024 08:17:25
Relative path traversal vulnerability in Setelsa Security's ConacWin CB, in its 3.8.2.2 version and earlier, the exploitation of which could allow an attacker to perform an arbitrary download of files from the system via the "Download file" parameter...
7.5
CVE-2020-25068
- EPSS 15.19%
- Veröffentlicht 03.09.2020 15:15:11
- Zuletzt bearbeitet 21.11.2024 05:17:11
Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vulnerability. This vulnerability allows a remote unauthenticated attacker to read internal files on the server via an http:IP:PORT/../../path/file_to_disclose Directory Traversal URI....
1