Aceware

Aceweb Online Portal

5 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2022-24581

  • EPSS 0.39%
  • Published 02.06.2022 14:15:37
  • Last modified 21.11.2024 06:50:41

ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the u...

6.1

CVE-2022-24238

  • EPSS 0.49%
  • Published 02.06.2022 14:15:36
  • Last modified 21.11.2024 06:50:01

ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp.

9.8

CVE-2022-24239

  • EPSS 0.73%
  • Published 02.06.2022 14:15:36
  • Last modified 21.11.2024 06:50:01

ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp.

9.8

CVE-2022-24240

  • EPSS 0.65%
  • Published 02.06.2022 14:15:36
  • Last modified 21.11.2024 06:50:02

ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp.

7.5

CVE-2022-24241

  • EPSS 0.39%
  • Published 02.06.2022 14:15:36
  • Last modified 21.11.2024 06:50:02

ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp.