37 matches found
CVE-2025-34246 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxPrevalidationController.ajaxAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxPrevalidationController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...
CVE-2025-34246
Advantech WebAccess/VPN
CVE-2025-34244 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxFwRulesController.ajaxDeviceFwRulesAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxDeviceFwRulesAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...
CVE-2025-34243 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxFwRulesController.ajaxNetworkFwRulesAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxNetworkFwRulesAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...
CVE-2025-34240
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection in AppManagementController.appUpgradeAction() due to failure to filter datatable search parameters. An authenticated, low-privileged observer can inject SQL to disclose database information. Affected software: Advantech WebAc...
CVE-2025-34239 Advantech WebAccess/VPN < 1.1.5 Command Injection in AppManagementController.appUpgradeAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability in AppManagementController.appUpgradeAction that allows an authenticated system administrator to execute arbitrary commands as the web server user www-data by supplying a crafted uploaded filename...
CVE-2025-34238 Advantech WebAccess/VPN < 1.1.5 Path Traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction that allows an authenticated network administrator to cause the application to read and return the contents of arbitrary files the web...
CVE-2025-34238
CVE-2025-34238 affects Advantech WebAccess/VPN versions prior to 1.1.5. A path traversal flaw in AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction() allows an authenticated network administrator to read arbitrary files that the web user (www-data) can access. The issue is...
CVE-2025-34237 Advantech WebAccess/VPN < 1.1.5 Stored XSS via StandaloneVpnClientsController.addStandaloneVpnClientAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting XSS vulnerability via StandaloneVpnClientsController.addStandaloneVpnClientAction. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the...
CVE-2025-34237 Advantech WebAccess/VPN < 1.1.5 Stored XSS via StandaloneVpnClientsController.addStandaloneVpnClientAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting XSS vulnerability via StandaloneVpnClientsController.addStandaloneVpnClientAction. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the...
Advantech WebAccess/VPN 安全漏洞
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a cross-site scripti...
Advantech WebAccess/VPN 安全漏洞
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...
Advantech WebAccess/VPN 安全漏洞
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. An absolute path traversal vulnerability exists in...
Advantech WebAccess/VPN 安全漏洞
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a command injection...
Advantech WebAccess/VPN 安全漏洞
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...
PT-2025-45353
Name of the Vulnerable Software and Affected Versions Advantech WebAccess/VPN versions prior to 1.1.5 Description Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting XSS issue via the NetworksController.addNetworkAction function. Insufficient validation or escapi...
Advantech WebAccess/VPN 安全漏洞
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...