35 matches found
Sql injection
An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.address.php has SQL Injection via the numPerPage parameter...
CVE-2018-14968
An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.address.php has SQL Injection via the numPerPage parameter...
CVE-2018-14964
An issue was discovered in EMLsoft 5.4.5. XSS exists via the eml/upload/eml/?action=address&do=edit page...
CVE-2018-14964
An issue was discovered in EMLsoft 5.4.5. XSS exists via the eml/upload/eml/?action=address&do=edit page...
CVE-2018-14966
An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=user&do=add page allows CSRF...
CVE-2018-14965
An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=address&do=add page allows CSRF...
CVE-2018-14964
An issue was discovered in EMLsoft 5.4.5. XSS exists via the eml/upload/eml/?action=address&do=edit page...
CVE-2018-14966
An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=user&do=add page allows CSRF...
CVE-2018-14964
EMLsoft 5.4.5 is affected by a cross‑site scripting (XSS) vulnerability reachable via the eml/upload/eml/?action=address&do=edit page. The issue is documented in CVE-2018-14964 with an XSS flaw that could leverage this specific URL path. The public data consistently notes XSS as the vulnerability...
CVE-2018-14966
EMLsoft 5.4.5 is affected by a Cross-Site Request Forgery on the eml/upload/eml/?action=user&do=add page. The weakness allows unauthorized state-changing requests from authenticated users and, per CNVD, can enable an administrator account. Public sources in connected documents corroborate CSRF on...
CVE-2018-14965
EMLsoft 5.4.5 contains a CSRF vulnerability on the endpoint eml/upload/eml/?action=address&do=add. The CVE entry notes CSRF as the issue; CVSS3.0/2.0 metrics indicate a network-accessible flaw with high impact to confidentiality, integrity, and availability (C/H/I/A at high levels) and user inter...
CVE-2018-14968
An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.address.php has SQL Injection via the numPerPage parameter...
CVE-2018-14967
An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.user.php has SQL Injection via the numPerPage parameter...
CVE-2018-14968
EMLsoft 5.4.5 has an SQL injection in upload\eml\action\action.address.php via the numPerPage parameter. A remote attacker could view, add, modify or delete data in the back-end database through this vector. Root cause: improper handling of the numPerPage parameter leading to SQL injection. No re...
CVE-2018-14967
CVE-2018-14967 affects EMLsoft 5.4.5. The vulnerability is a SQL injection in upload\eml\action\action.user.php via the numPerPage parameter, allowing a remote attacker to view, add, modify, or delete information in the back-end database. No exploit details or fixes are provided in the connected ...