70 matches found
CVE-2024-46897
Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. A logged-in user with the permission of table management may obtain and/or alter the information of the unauthorized table...
CVE-2024-46897
Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. A logged-in user with the permission of table management may obtain and/or alter the information of the unauthorized table...
CVE-2024-46897
Affected software: Exment (web app). Vulnerability: CVE-2024-46897 is an Incorrect Permission Assignment for a Critical Resource affecting Exment versions 6.1.4 and earlier and 5.0.11 and earlier. A logged-in user with the permission to manage tables may access and/or modify information in unauth...
CVE-2024-46897
Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. A logged-in user with the permission of table management may obtain and/or alter the information of the unauthorized table...
Multiple vulnerabilities in Exment
Overview Exment provided by Kajitori Co.,Ltd contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 - CVE-2024-46897 Stored Cross-site Scripting CWE-79 - CVE-2024-47793 CVE-2024-46897 masataka sato of Mitsui Bussan Secure Directions, Inc...
Exment 安全漏洞
Exment is Exceedone's open source simple, easy, lightweight, free web database. A security vulnerability exists in Exment versions 6.1.4 and earlier and 5.0.11 and earlier, which stems from an incorrect assignment of permissions to critical resources and a stored cross-site scripting vulnerabilit...
Exment 安全漏洞
Exment is Exceedone's open source simple, easy, lightweight, free web database. A security vulnerability exists in Exment versions 6.1.4 and earlier and 5.0.11 and earlier, which stems from an incorrect assignment of permissions to critical resources and a stored cross-site scripting vulnerabilit...
JVN#74538317: Multiple vulnerabilities in Exment
Exment provided by Kajitori Co.,Ltd contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N Base Score 3.8 CVE-2024-46897 Stored Cross-site Scripting CWE-79...
The vulnerability of the exceedone/exment and exceedone/laravel-admin software lies in the possibility of introducing commands that allow attackers to execute arbitrary SQL queries against the application’s database.
The vulnerability of the exceedone/exment and exceedone/laravel-admin software lies in the possibility of executing commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the application’s database remotely...
GHSA-P74Q-2PF8-J5JX exceedone/exment and exceedone/laravel-admin SQL Injection vulnerability
SQL injection vulnerability in the Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows remote authenticated attackers to execute arbitrary SQL commands...
exceedone/exment and exceedone/laravel-admin Cross-site Scripting vulnerability
Reflected cross-site scripting vulnerability in Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows a remote authenticated attacker to inject an arbitrary...
exceedone/exment and exceedone/laravel-admin SQL Injection vulnerability
SQL injection vulnerability in the Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows remote authenticated attackers to execute arbitrary SQL commands...
CVE-2022-37333
SQL injection vulnerability in the Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows remote authenticated attackers to execute arbitrary SQL commands...
CVE-2022-38080
Reflected cross-site scripting vulnerability in Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows a remote authenticated attacker to inject an arbitrary...
CVE-2022-38089
Stored cross-site scripting vulnerability in Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows a remote authenticated attacker to inject an arbitrary script...
CVE-2022-37333
SQL injection vulnerability in the Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows remote authenticated attackers to execute arbitrary SQL commands...
CVE-2022-38080
Reflected cross-site scripting vulnerability in Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows a remote authenticated attacker to inject an arbitrary...
CVE-2022-38089
Stored cross-site scripting vulnerability in Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows a remote authenticated attacker to inject an arbitrary script...
Cross site scripting
Reflected cross-site scripting vulnerability in Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows a remote authenticated attacker to inject an arbitrary...
Sql injection
SQL injection vulnerability in the Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows remote authenticated attackers to execute arbitrary SQL commands...