Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../.. /windows/boot.ini the LFI is...
9.8CVSS
9.3AI Score
0.002EPSS
The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username:...
9.8CVSS
9.7AI Score
0.001EPSS
attacker needs to craft a SQL payload. the vulnerable parameter is "agentid" must be authenticated to the admin...
7.2CVSS
6.9AI Score
0.001EPSS