42 matches found
CVE-2024-4307 SQL injection vulnerability in HubBank
SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints /accounts/activities.php?id=1, /accounts/view-deposit.php?id=1, /accounts/viewcards. php?id=1,...
CVE-2024-4307 SQL injection vulnerability in HubBank
SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints /accounts/activities.php?id=1, /accounts/view-deposit.php?id=1, /accounts/viewcards. php?id=1,...
CVE-2024-4307
HubBank’s CVE-2024-4307 affects HubBank v1.0.2. The issue is an SQL injection in the id parameter across endpoints /accounts/activities.php?id=1, /accounts/view-deposit.php?id=1, /accounts/view_cards.php?id=1, /accounts/wire-transfer.php?id=1 and /accounts/wiretransfer-pending.php?id=1, enabling ...
CVE-2024-4308 SQL injection vulnerability in HubBank
SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints...
CVE-2024-4308
CVE-2024-4308 describes a SQL injection vulnerability in HubBank v1.0.2. The affected component is the HubBank application, with the root cause identified as improper handling of the id parameter in multiple admin endpoints (e.g., /admin/view_users.php?id=1, /admin/viewloan-trans.php?id=1, /admin...
CVE-2024-4308 SQL injection vulnerability in HubBank
SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints...
CVE-2024-4306
Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution...
CVE-2024-4306
Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution...
CVE-2024-4306 Unrestricted Upload of File with Dangerous Type vulnerability in HubBank
Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution...
CVE-2024-4306
CVE-2024-4306 affects HubBank version 1.0.2 and is a critical unrestricted file upload vulnerability. A registered user can upload malicious PHP files through upload document fields, enabling webshell execution on the server. The connected PT-2024-30276 advisory corroborates a high-severity, clie...
CVE-2024-4306 Unrestricted Upload of File with Dangerous Type vulnerability in HubBank
Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution...
HubBank 跨站脚本漏洞
HubBank is an app from HubBank, Inc. A cross-site scripting vulnerability exists in HubBank version 1.0.2, which stems from the lack of effective filtering and escaping of user-supplied data on registration and profile forms, and can be exploited by an attacker to execute arbitrary web script or...
PT-2024-30296 · Hubbank · Hubbank
Name of the Vulnerable Software and Affected Versions: HubBank version 1.0.2 Description: The issue is a Cross-site Scripting XSS vulnerability that allows an attacker to send a specially crafted JavaScript payload to registration and profile forms. This payload can be triggered when any...
HubBank SQL注入漏洞
HubBank is an application from HubBank, Inc. A SQL injection vulnerability exists in HubBank version 1.0.2, which stems from a SQL injection vulnerability in the /user/transaction.php endpoint...
HubBank 代码问题漏洞
HubBank is an application from HubBank, Inc. A code issue vulnerability exists in HubBank version 1.0.2 that originates from allowing registered users to upload a malicious PHP file via the upload document field, which can lead to webshell execution...
CVE-2024-4309
SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints /user/transaction.php?id=1, /user/credit-debittransaction.php?id=1,/user/viewtransaction. php?id=1 and...
PT-2024-30279 · Hubbank · Hubbank
Name of the Vulnerable Software and Affected Versions: HubBank version 1.0.2 Description: The issue is related to a SQL injection vulnerability that could allow an attacker to send a specially crafted SQL query to the database through different endpoints, such as "/admin/view users.php?id=1",...
PT-2024-30276 · Hubbank · Hubbank
Name of the Vulnerable Software and Affected Versions: HubBank version 1.0.2 Description: The issue allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution. This is a critical unrestricted file upload vulnerability. Recommendations: For...
HubBank SQL注入漏洞
HubBank is an application from HubBank, Inc. HubBank version 1.0.2 suffers from a SQL injection vulnerability that originates from allowing an attacker to send specially crafted SQL queries to the database from different endpoints and retrieve information stored in the database...
HubBank SQL注入漏洞
HubBank is an application from HubBank, Inc. A security vulnerability exists in HubBank version 1.0.2, which stems from a SQL injection vulnerability in the /admin/viewusers.php endpoint...