23 matches found
EUVD-2023-52447
Malicious code in bioql PyPI...
CVE-2023-48395
Kaifa Technology WebITR is an online attendance system; it has insufficient validation for user input within a special function. A remote attacker with regular user privileges can exploit this vulnerability to inject arbitrary SQL commands to read database...
CVE-2023-48394
Kaifa Technology WebITR is an online attendance system; its file uploading function does not restrict the upload of files with dangerous types. A remote attacker with regular user privileges can exploit this vulnerability to upload arbitrary files to execute arbitrary commands or disrupt service...
CVE-2023-48393
Kaifa Technology WebITR is an online attendance system. A remote attacker with regular user privileges can obtain partial sensitive system information from error message...
CVE-2023-48392
Kaifa Technology WebITR is an online attendance system; it has a vulnerability in using a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access the system with an arbitrary user account, including administrator’s account, ...
SQL injection
Kaifa Technology WebITR is an online attendance system; it has insufficient validation for user input within a special function. A remote attacker with regular user privileges can exploit this vulnerability to inject arbitrary SQL commands to read database...
Privilege escalation
Kaifa Technology WebITR is an online attendance system; its file uploading function does not restrict the upload of files with dangerous types. A remote attacker with regular user privileges can exploit this vulnerability to upload arbitrary files to execute arbitrary commands or disrupt service...
CVE-2023-48395 Kaifa Technology WebITR - SQL Injection
Kaifa Technology WebITR is an online attendance system; it has insufficient validation for user input within a special function. A remote attacker with regular user privileges can exploit this vulnerability to inject arbitrary SQL commands to read database...
CVE-2023-48395
The CVE describes an SQL injection in Kaifa Technology WebITR (online attendance system) caused by insufficient input validation in a particular function. An attacker with regular user privileges can exploit this to read the database by injecting arbitrary SQL commands. Several connected sources ...
CVE-2023-48394 Kaifa Technology WebITR - Arbitrary File Upload
Kaifa Technology WebITR is an online attendance system; its file uploading function does not restrict the upload of files with dangerous types. A remote attacker with regular user privileges can exploit this vulnerability to upload arbitrary files to execute arbitrary commands or disrupt service...
CVE-2023-48394
CVE-2023-48394 affects Kaifa Technology WebITR (online attendance system). The issue lies in the file upload function, which does not restrict uploading of dangerous file types. A remote attacker with regular user privileges can upload arbitrary files to execute commands or disrupt service. Conne...
CVE-2023-48393 Kaifa Technology WebITR - Error Message Leakage
Kaifa Technology WebITR is an online attendance system. A remote attacker with regular user privileges can obtain partial sensitive system information from error message...
CVE-2023-48393
CVE-2023-48393 affects Kaifa Technology WebITR (online attendance system). The vulnerability allows a remote attacker with regular user privileges to obtain partial sensitive information via error messages. The CVSSv3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) indicates a low impact on confid...
CVE-2023-48392
CVE-2023-48392 affects Kaifa Technology WebITR, an online attendance system. The root cause is use of a hard-coded encryption key that allows an unauthenticated remote attacker to generate valid token parameters, enabling login as an arbitrary user (including administrator) and access to the syst...
CVE-2023-48392 Kaifa Technology WebITR - Hard-coded Cryptographic Key
Kaifa Technology WebITR is an online attendance system; it has a vulnerability in using a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access the system with an arbitrary user account, including administrator’s account, ...
PT-2023-30814 · Kaifa Technology · Webitr
Name of the Vulnerable Software and Affected Versions: Kaifa Technology WebITR (affected versions not specified). Description: The issue concerns Kaifa Technology WebITR, an online attendance system. A remote attacker with regular user privileges can obtain partial sensitive system information from ...
WebITR Security Vulnerabilities
WebITR is an online time and attendance system. A security vulnerability exists in Kaifa Technology WebITR version 21023, which can be exploited by a remote attacker to obtain certain sensitive system information from error messages...