19 matches found
Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation
Dynamicweb contains a vulnerability which allows an unauthenticated attacker to create a new administrative user. id: CVE-2022-25369 info: name: Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation author: pdteam severity: critical description: Dynamicweb contains a vulnerability which...
CVE-2026-2731
Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 all and 9 9.19.7 and 9.20.3 allows unauthenticated attackers to execute code via simple web requests...
CVE-2026-2731
Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 all and 9 9.19.7 and 9.20.3 allows unauthenticated attackers to execute code via simple web requests...
CVE-2026-2731 Unauthenticated RCE in Dynamicweb 9 and Dynamicweb 8
Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 all and 9 9.19.7 and 9.20.3 allows unauthenticated attackers to execute code via simple web requests...
CVE-2026-2731
The CVE describes an unauthenticated remote code execution vulnerability in Dynamicweb 8 and 9 due to path traversal and content injection in JobRunnerBackground.aspx. Affected versions are Dynamicweb 8 (all) and Dynamicweb 9 before 9.19.7 and before 9.20.3. The issue enables unauthenticated atta...
CVE-2026-2731 Unauthenticated RCE in Dynamicweb 9 and Dynamicweb 8
Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 all and 9 9.19.7 and 9.20.3 allows unauthenticated attackers to execute code via simple web requests...
PT-2026-20649
Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 all and 9 9.19.7 and 9.20.3 allows unauthenticated attackers to execute code via simple web requests...
DynamicWeb 安全漏洞
DynamicWeb is a full-stack digital experience platform developed by the American company DynamicWeb. Versions of DynamicWeb prior to 9.9.19.7 and 9.20.3 contained security vulnerabilities. These vulnerabilities were caused by path traversal and content injection in the JobRunnerBackground.aspx...
CVE-2022-25369
An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user without authentication. This flaw exists due to a logic issue when determining if the setup phases of the product can be run again. Once an attacker is authenticated as the new admin user they have...
CVE-2022-25369
An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user without authentication. This flaw exists due to a logic issue when determining if the setup phases of the product can be run again. Once an attacker is authenticated as the new admin user they have...
CVE-2022-25369
An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user without authentication. This flaw exists due to a logic issue when determining if the setup phases of the product can be run again. Once an attacker is authenticated as the new admin user they have...
EUVD-2022-30040
An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user without authentication. This flaw exists due to a logic issue when determining if the setup phases of the product can be run again. Once an attacker is authenticated as the new admin user they have...
CVE-2022-25369
An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user without authentication. This flaw exists due to a logic issue when determining if the setup phases of the product can be run again. Once an attacker is authenticated as the new admin user they have...
CVE-2022-25369
An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user without authentication. This flaw exists due to a logic issue when determining if the setup phases of the product can be run again. Once an attacker is authenticated as the new admin user they have...
DynamicWeb security vulnerabilities
DynamicWeb is a full-stack digital experience platform developed by the American company DynamicWeb. Versions of DynamicWeb prior to 9.12.8 contained security vulnerabilities. These vulnerabilities were caused by logical issues that allowed new administrator users to be added, potentially leading...
VulnCheck KEV: CVE-2022-25369
Dynamicweb logic flaw remote code execution...
PT-2022-17246
Name of the Vulnerable Software and Affected Versions Dynamicweb versions 9.5.0 through 9.12.7 Description The issue is related to a logic flaw that can lead to remote code execution RCE in Dynamicweb. Recommendations For Dynamicweb versions 9.5.0 through 9.12.7, at the moment, there is no...
WAFW00F v1.0.0 - Detect All The Web Application Firewall!
WAFW00F identifies and fingerprints Web Application Firewall WAF products. How does it work? To do its magic, WAFW00F does the following: Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of potentially...
dynamicweb.nl XSS vulnerability
Open Bug Bounty ID: OBB-671010 Description| Value ---|--- Affected Website:| dynamicweb.nl Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...