BACKCLICK Professional has an authentication bypass vulnerability
BACKCLICK, a marketing software from BACKCLICK Germany, helps organizations create, implement, evaluate and run web-based email campaigns. Version 5.9.63 of BACKCLICK Professional is vulnerable to an authentication bypass. An attacker could use this vulnerability to bypass user authentication use...
CVE-2022-44003
An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient escaping of user-supplied input, the application is vulnerable to SQL injection at various locations...
CVE-2022-44000
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an exposed internal communications interface, it is possible to execute arbitrary system commands on the server...
CVE-2022-44002
An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient output encoding of user-supplied data, the web application is vulnerable to cross-site scripting (XSS) at various locations...
PT-2022-27069 · Unknown · Backclick Professional
Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63 Description: An issue was discovered due to an unsafe implementation of session tracking, making it possible for an attacker to trick users into opening an authenticated user session for a session...
PT-2022-27062 · Unknown · Backclick Professional
Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63 Description: An issue was discovered due to an exposed internal communications interface, making it possible to execute arbitrary system commands on the server. Recommendations: For BACKCLICK Professional...
PT-2022-27064 · Unknown · Backclick Professional
Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63 Description: An issue was discovered due to insufficient output encoding of user-supplied data, making the web application vulnerable to cross-site scripting (XSS) at various locations. Recommendations: For...
BACKCLICK authorization issue vulnerability
BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure and run web-based email campaigns. A security vulnerability in BACKCLICK Professional version 5.9.63, which stems from an insecure design or lack of authentication, can be exploited by an...
PT-2022-27066 · Unknown · Backclick Professional
Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63 Description: An issue was discovered due to insecure design or lack of authentication, allowing unauthenticated attackers to complete the password-reset process for any account and set a new password...
PT-2022-27065 · Unknown · Backclick Professional
Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63 Description: An issue was discovered due to insufficient escaping of user-supplied input, making the application vulnerable to SQL injection at various locations. Recommendations: For BACKCLICK Profession...
CVE-2022-44007
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation...
PT-2022-27070 · Apache · Apache Tomcat
Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63 Description: An issue was discovered due to improper validation, allowing arbitrary local files to be retrieved by accessing the back-end Tomcat server directly. Recommendations: For BACKCLICK Professiona...