Lucene search
K

CVE-2022-44016

🗓️ 25 Dec 2022 00:00:00Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 50 Views🌐 WEB

An issue in Simmeth Lieferantenmanager allows arbitrary file download via AP

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
0day.today
Simmeth System GmbH Supplier Manager LFI / SQL Injection / Bypass Vulnerabilities
16 Nov 202200:00
zdt
Circl
CVE-2022-44016
25 Dec 202207:39
circl
CNNVD
Simmeth System Supplier Manager 路径遍历漏洞
15 Nov 202200:00
cnnvd
CNVD
Simmeth System Supplier Manager Arbitrary File Download Vulnerability
21 Nov 202200:00
cnvd
Cvelist
CVE-2022-44016
25 Dec 202200:00
cvelist
EUVD
EUVD-2022-46979
3 Oct 202520:07
euvd
NVD
CVE-2022-44016
25 Dec 202205:15
nvd
OSV
CVE-2022-44016
25 Dec 202205:15
osv
Packet Storm
Simmeth System GmbH Supplier Manager LFI / SQL Injection / Bypass
15 Nov 202200:00
packetstorm
Prion
Design/Logic Flaw
25 Dec 202205:15
prion
Rows per page
NVD
ParameterPositionPathDescriptionCWE
ImagesPathrequest body/DS/LM_API/api/ConfigurationService/GetImagesLocal file access via GetImages endpoint by supplying an arbitrary ImagesPath (e.g., C:\) to read server filesCWE-22
Credentialrequest body/DS/LM_API/api/ConfigurationService/GetImagesLocal file access via GetImages endpoint by supplying an arbitrary ImagesPath (e.g., C:\) to read server filesCWE-22
Mandant.ConfigPathrequest body/DS/LM_API/api/ConfigurationService/GetImagesLocal file access via GetImages endpoint by supplying an arbitrary ImagesPath (e.g., C:\) to read server filesCWE-22
ListImageNamesrequest body/DS/LM_API/api/ConfigurationService/GetImagesLocal file access via GetImages endpoint by supplying an arbitrary ImagesPath (e.g., C:\) to read server filesCWE-22
Mandant.ConfigPathrequest body/DS/LM_API/api/ConfigurationService/GetConfigurationInformation disclosure of plaintext credentials via GetConfiguration endpointCWE-22
Credentialrequest body/DS/LM_API/api/ConfigurationService/GetConfigurationInformation disclosure of plaintext credentials via GetConfiguration endpointCWE-22
Passwordrequest body/DS/LM_API/api/ConfigurationService/GetConfigurationInformation disclosure of plaintext credentials via GetConfiguration endpointCWE-22
KPIIntro.MailSettings.Passwordrequest body/DS/LM_API/api/ConfigurationService/GetConfigurationInformation disclosure of plaintext credentials via GetConfiguration endpointCWE-22
Credentialrequest body/DS/LM_API/api/SelectionService/GetPaggedTabFaulty API design / SQLi via table name leading to data extraction and potential RCECWE-22
Mandant.ConfigPathrequest body/DS/LM_API/api/SelectionService/GetPaggedTabFaulty API design / SQLi via table name leading to data extraction and potential RCECWE-22
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 05:07Current
7.7High risk
Vulners AI Score7.7
CVSS 3.17.5
EPSS0.00879
SSVC
50