CVE-2023-48394
- EPSS 0.5%
- Published 15.12.2023 10:15:08
- Last modified 21.11.2024 08:31:37
Kaifa Technology WebITR is an online attendance system. Its file upload function does not restrict the upload of dangerous file types. A remote attacker with regular user privileges can exploit this vulnerability to upload arbitrary files to perfor...
CVE-2023-48395
- EPSS 0.23%
- Published 15.12.2023 10:15:08
- Last modified 21.11.2024 08:31:37
Kaifa Technology WebITR is an online attendance system. It has insufficient validation of user input within a special function. A remote attacker with regular user privileges can exploit this vulnerability to inject arbitrary SQL commands to read dat...
CVE-2023-48392
- EPSS 0.52%
- Published 15.12.2023 10:15:07
- Last modified 21.11.2024 08:31:37
Kaifa Technology WebITR is an online attendance system. It has a vulnerability in its use of a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access the system with arbitrary us...
CVE-2023-48393
- EPSS 0.2%
- Published 15.12.2023 10:15:07
- Last modified 21.11.2024 08:31:37
Kaifa Technology WebITR is an online attendance system. A remote attacker with regular user privileges can obtain partial sensitive system information from an error message.