Lucene search
K

70 matches found

OSV
OSV
added 2024/10/18 6:3 a.m.19 views

CVE-2024-46897

Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. A logged-in user with the permission of table management may obtain and/or alter the information of the unauthorized table...

3.8CVSS6.6AI score0.00356EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/10/18 6:3 a.m.18 views

CVE-2024-46897

Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. A logged-in user with the permission of table management may obtain and/or alter the information of the unauthorized table...

3.8CVSS6.7AI score0.00356EPSS
Exploits0References3
CVE
CVE
added 2024/10/18 6:3 a.m.61 views

CVE-2024-46897

Affected software: Exment (web app). Vulnerability: CVE-2024-46897 is an Incorrect Permission Assignment for a Critical Resource affecting Exment versions 6.1.4 and earlier and 5.0.11 and earlier. A logged-in user with the permission to manage tables may access and/or modify information in unauth...

3.8CVSS6.7AI score0.00356EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/10/18 6:3 a.m.39 views

CVE-2024-46897

Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. A logged-in user with the permission of table management may obtain and/or alter the information of the unauthorized table...

3.8CVSS0.00356EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/10/11 5:13 a.m.3 views

Multiple vulnerabilities in Exment

Overview Exment provided by Kajitori Co.,Ltd contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 - CVE-2024-46897 Stored Cross-site Scripting CWE-79 - CVE-2024-47793 CVE-2024-46897 masataka sato of Mitsui Bussan Secure Directions, Inc...

5.4CVSS6.6AI score0.00356EPSS
Exploits0References10
CNNVD
CNNVD
added 2024/10/11 12:0 a.m.3 views

Exment 安全漏洞

Exment is Exceedone's open source simple, easy, lightweight, free web database. A security vulnerability exists in Exment versions 6.1.4 and earlier and 5.0.11 and earlier, which stems from an incorrect assignment of permissions to critical resources and a stored cross-site scripting vulnerabilit...

5.4CVSS5.1AI score0.00308EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/10/11 12:0 a.m.6 views

Exment 安全漏洞

Exment is Exceedone's open source simple, easy, lightweight, free web database. A security vulnerability exists in Exment versions 6.1.4 and earlier and 5.0.11 and earlier, which stems from an incorrect assignment of permissions to critical resources and a stored cross-site scripting vulnerabilit...

3.8CVSS4.4AI score0.00356EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/10/11 12:0 a.m.32 views

JVN#74538317: Multiple vulnerabilities in Exment

Exment provided by Kajitori Co.,Ltd contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N Base Score 3.8 CVE-2024-46897 Stored Cross-site Scripting CWE-79...

5.4CVSS7.2AI score0.00356EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/09/06 12:0 a.m.8 views

The vulnerability of the exceedone/exment and exceedone/laravel-admin software lies in the possibility of introducing commands that allow attackers to execute arbitrary SQL queries against the application’s database.

The vulnerability of the exceedone/exment and exceedone/laravel-admin software lies in the possibility of executing commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the application’s database remotely...

10CVSS8AI score0.0119EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2022/08/25 12:0 a.m.19 views

GHSA-P74Q-2PF8-J5JX exceedone/exment and exceedone/laravel-admin SQL Injection vulnerability

SQL injection vulnerability in the Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows remote authenticated attackers to execute arbitrary SQL commands...

8.8CVSS8.8AI score0.0119EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/08/25 12:0 a.m.29 views

exceedone/exment and exceedone/laravel-admin Cross-site Scripting vulnerability

Reflected cross-site scripting vulnerability in Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows a remote authenticated attacker to inject an arbitrary...

5.4CVSS5.4AI score0.00756EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2022/08/25 12:0 a.m.26 views

exceedone/exment and exceedone/laravel-admin SQL Injection vulnerability

SQL injection vulnerability in the Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows remote authenticated attackers to execute arbitrary SQL commands...

8.8CVSS9.3AI score0.0119EPSS
Exploits0References5Affected Software2
NVD
NVD
added 2022/08/24 9:15 a.m.33 views

CVE-2022-37333

SQL injection vulnerability in the Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows remote authenticated attackers to execute arbitrary SQL commands...

8.8CVSS0.0119EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/08/24 9:15 a.m.3 views

CVE-2022-38080

Reflected cross-site scripting vulnerability in Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows a remote authenticated attacker to inject an arbitrary...

5.4CVSS6.7AI score0.00756EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2022/08/24 9:15 a.m.22 views

CVE-2022-38089

Stored cross-site scripting vulnerability in Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows a remote authenticated attacker to inject an arbitrary script...

5.4CVSS0.00756EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/08/24 9:15 a.m.4 views

CVE-2022-37333

SQL injection vulnerability in the Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows remote authenticated attackers to execute arbitrary SQL commands...

8.8CVSS7.7AI score0.0119EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2022/08/24 9:15 a.m.26 views

CVE-2022-38080

Reflected cross-site scripting vulnerability in Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows a remote authenticated attacker to inject an arbitrary...

5.4CVSS0.00756EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/08/24 9:15 a.m.11 views

CVE-2022-38089

Stored cross-site scripting vulnerability in Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows a remote authenticated attacker to inject an arbitrary script...

5.4CVSS6.3AI score0.00756EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2022/08/24 9:15 a.m.13 views

Cross site scripting

Reflected cross-site scripting vulnerability in Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows a remote authenticated attacker to inject an arbitrary...

4.9CVSS5.3AI score0.00756EPSS
Exploits0References3Affected Software2
Prion
Prion
added 2022/08/24 9:15 a.m.19 views

Sql injection

SQL injection vulnerability in the Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows remote authenticated attackers to execute arbitrary SQL commands...

6.5CVSS8.7AI score0.0119EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder