12 matches found
CVE-2020-37141 AMSS++ v 4.31 - 'id' SQL Injection
AMSS++ version 4.31 contains a SQL injection vulnerability in the mail module's maildetail.php script through the 'id' parameter. Attackers can manipulate the 'id' parameter in /modules/mail/main/maildetail.php to inject malicious SQL queries and potentially access or modify database contents...
TYPO3 Security Vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 versions prior to 12.4.31 LTS and 13.4.2 LTS, which stems from a possible bypass of multi-factor authentication...
Intel Granulate Access Control Error Vulnerability
Intel Granulate is an application from Intel Corporation USA. An access control error vulnerability exists in Intel Granulate versions prior to 4.30.1, which stems from improper access control. An attacker can exploit the vulnerability to elevate privileges...
CVE-2024-2599
File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure...
CVE-2024-2596
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/mail/main/selectsend.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially...
CVE-2024-2592
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/person/picshow.php, in the 'personid' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...
AMSS++ SQL Injection Vulnerability
AMSS++ is a tool for the office management support system of Amssplus. An SQL injection vulnerability exists in AMSS++ version 4.31, which stems from an SQL injection vulnerability in the sdindex parameter of the /amssplus/modules/book/main/selectsend2.php page...
PT-2024-21245 · Amss++ · Amss++
Name of the Vulnerable Software and Affected Versions: AMSS++ version 4.31 Description: The issue is related to insufficient encoding of user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability. This vulnerability can be exploited through the...
PT-2024-21181 · Amss++ · Amss++
Name of the Vulnerable Software and Affected Versions: AMSS++ version 4.31 Description: The issue allows SQL injection through the /amssplus/admin/index.php endpoint, in the id parameter. This could enable a remote attacker to send a specially crafted SQL query to the server and retrieve all the...
AMSS++ Cross-Site Scripting Vulnerability
AMSS++ is a tool for the office administration support system of Amssplus. A cross-site scripting vulnerability exists in AMSS++ version 4.31, which stems from a cross-site scripting vulnerability in multiple parameters on the /amssplus/admin/index.php page...
PostCSS Injection Vulnerability
PostCSS is an application by the individual developer Andrey Sitnik in Spain, a tool for converting styles using JS plugins. An injection vulnerability exists in versions of PostCSS prior to 8.4.31. No information about this vulnerability is available at this time; please stay tuned...
PT-2023-11358 · Unknown · Happyman Twmap
Name of the Vulnerable Software and Affected Versions: happyman twmap versions prior to v2.9 v4.31 Description: A critical issue was found in happyman twmap, affecting an unknown functionality of the file twmap3/data/ajaxCRUD/pointdata2.php. The manipulation of the id argument leads to sql...