Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure
Description The plugin does not disallow listing the backups-dup-lite/tmp directory or the backups-dup-pro/tmp directory in the Pro version, which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to...
CVE-2023-38880
The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of "opensisBackup.sql" e.g...
CVE-2023-42284
Blind SQL injection in the apiversion parameter in Tyk Gateway version 5.0.3 allows an attacker to access and dump the database via a crafted SQL query...
Tyk Gateway Security Vulnerability
Tyk Gateway is a cloud-based, open-source API gateway open-sourced by Tyk Technologies. A security vulnerability exists in Tyk Gateway version 5.0.3. An attacker exploited the vulnerability to access and dump a database via a specially crafted SQL query...
CVE-2023-43013
CVE-2023-43013 affects Asset Management System v1.0. An unauthenticated SQL Injection vulnerability exists in the index.php page via the 'email' parameter, enabling an external attacker to dump all database contents and bypass login controls. Public references in multiple sources corroborate the ...
CVE-2023-43013 Asset Management System v1.0 - Unauthenticated SQL Injection (SQLi)
Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of the index.php page, allowing an external attacker to dump all of the database contents and bypass the login control...
PT-2023-28664 · Unknown · Asset Management System
Name of the Vulnerable Software and Affected Versions: Asset Management System version 1.0 Description: The issue concerns an unauthenticated SQL Injection vulnerability. It affects the email parameter of the "index.php" page, allowing an external attacker to dump all database contents and bypass...
Information Disclosure
dolibarr/dolibarr is vulnerable to Information Disclosure. A remote unauthenticated attacker is able to gain access to company's entire customer files, prospects, suppliers, and employee information, when a contact file exists via performing a database dump, resulting in the disclosure of sensiti...
CVE-2023-33568
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists...
Code injection
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists...
UBUNTU-CVE-2023-33568
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists...
Dolibarr Security Vulnerability
Dolibarr is a software application, a modern software package that helps manage your organization's activities. A security vulnerability exists in Dolibarr versions v16.0.0 through v16.0.5, which stems from a flaw that allows an unauthenticated attacker to perform a database dump and...
CVE-2023-33568
Dolibarr 16.x before 16.0.5 is affected. An unauthenticated remote attacker can trigger a database dump and access the company’s entire contacts data (customers, prospects, suppliers, and employees) if a contact file exists. Root cause is insufficient access control leading to pre-auth data expos...
CVE-2023-31702
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows a remote attacker to dump the entire database and gain a Windows XP command shell to perform code execution on the database server via GetUserCurrentPwd?UsrId=1...