5 matches found
CVE-2020-13968
CRK Business Platform = 2019.1 allows can inject SQL statements against the DB on any path using the 'strSessao' parameter...
CVE-2020-13968
creationtimestamp| type| source ---|---|--- 2020-12-23 21:13:11+00:00| seen| https://t.me/cibsecurity/21250...
CVE-2020-13968
CRK Business Platform <= 2019.1 is vulnerable to SQL injection via the strSessao parameter on any path, allowing the attacker to inject statements against the database. The root cause is unauthenticated input in the strSessao parameter that is not properly sanitized before being used in SQL st...
CVE-2020-13968
CRK Business Platform = 2019.1 allows can inject SQL statements against the DB on any path using the 'strSessao' parameter...
cc-craft.ie Improper Access Control vulnerability OBB-1395895
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...