11 matches found
CVE-2021-34878
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
CVE-2023-34878
An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip...
CVE-2023-34878
An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip...
CVE-2023-34878
CVE-2023-34878 affects Ujcms v6.0.2, where the dir parameter in the endpoint "/api/backend/core/web-file-html/download-zip" can cause leakage of sensitive information. The CVSS v3.1 base score is 7.5 (HIGH) with NETWORK access, LOW attack complexity, NONE privileges, NONE user interaction, and CO...
CVE-2022-34878
creationtimestamp| type| source ---|---|--- 2022-09-22 15:12:31+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/vicidialmultiplesqli.rb 2023-01-02 09:02:10+00:00| seen| https://t.me/cibsecurity/45605 2025-02-06 03:13:45+00:00| seen|...
CVE-2022-34878 VICIDial 2.14b0.5 SVN 3550 was discovered to contain a SQL injection vulnerability at /vicidial/user_stats.php.
SQL Injection vulnerability in User Stats interface /vicidial/userstats.php of VICIdial via the filedownload parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and beco...
CVE-2022-34878
CVE-2022-34878 affects VICIdial (notably VICIdial 2.14b0.5 and related builds) via an authenticated SQL injection in the /vicidial/user_stats.php file_download parameter. Connected docs confirm concrete exploitation: multiple authenticated SQLi paths and a module exploiting this (e.g., VICIdial M...
CVE-2021-34878
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
CVE-2021-34878
Bentley View 10.15.0.75 is affected by CVE-2021-34878 due to a vulnerability in JT file parsing that can trigger a write past the end of an allocated buffer, allowing remote code execution. The attack requires user interaction (visiting a malicious page or opening a malicious JT file) and leverag...
CVE-2025-34878
CVE-2025-34878 is rejected/not used and does not represent an active vulnerability entry.
CVE-2025-34878
...