3 matches found
Design/Logic Flaw
Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint...
CVE-2021-37478
creationtimestamp | type | source
---|---|---
2021-07-26 22:11:44+00:00 | seen | https://t.me/cibsecurity/26515...
CVE-2021-37478
Summary (CVE-2021-37478): NavigateCMS up to version 2.9.4 contains a SQL injection in the block() function via the block-order parameter, enabling arbitrary SQL execution in the backend DB. Documented by multiple sources (NVD/CNVD/CVELIST/CNNVD). The root cause is an unguarded input in the af...