Axis

License Plate Verifier

6 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2023-21411

  • EPSS 0.17%
  • Published 03.08.2023 07:15:13
  • Last modified 21.11.2024 07:42:48

User provided input is not sanitized in the “Settings > Access Control” configuration interface allowing for arbitrary code execution.

8.8

CVE-2023-21412

  • EPSS 0.16%
  • Published 03.08.2023 07:15:13
  • Last modified 21.11.2024 07:42:48

User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for SQL injections.

8.8

CVE-2023-21407

  • EPSS 0.24%
  • Published 03.08.2023 07:15:12
  • Last modified 21.11.2024 07:42:48

A broken access control was found allowing for privileged escalation of the operator account to gain administrator privileges.

9.8

CVE-2023-21408

  • EPSS 0.1%
  • Published 03.08.2023 07:15:12
  • Last modified 21.11.2024 07:42:48

Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentials that are used in the integration interface towards 3rd party systems.

9.8

CVE-2023-21409

  • EPSS 0.13%
  • Published 03.08.2023 07:15:12
  • Last modified 21.11.2024 07:42:48

Due to insufficient file permissions, unprivileged users could gain access to unencrypted administrator credentials allowing the configuration of the application.

8.8

CVE-2023-21410

  • EPSS 0.17%
  • Published 03.08.2023 07:15:12
  • Last modified 21.11.2024 07:42:48

User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution.