CVE-2023-27309
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions for specific write queries. This could allow an authenticated remote attacker to perform unauthorized actions...
PT-2023-1879 · Siemens · Ruggedcom Crossbow
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM CROSSBOW versions prior to V5.2 Description: The issue is related to the client query handler of the secure access management system, which has inadequate authorization procedure. This could allow a remote attacker to perform...
PT-2023-1880 · Siemens · Ruggedcom Crossbow
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM CROSSBOW versions prior to V5.2 Description: A vulnerability has been identified in the client query handler of the affected application, which fails to check for proper permissions when assigning groups to user accounts. This could...
SQL injection
A vulnerability was found in XpressEngine up to 1.4.4. It has been rated as critical. This issue affects some unknown processing of the component Update Query Handler. The manipulation leads to sql injection. Upgrading to version 1.4.5 is able to address this issue. The patch is named...
CVE-2011-10003 XpressEngine Update Query sql injection
A vulnerability was found in XpressEngine up to 1.4.4. It has been rated as critical. This issue affects some unknown processing of the component Update Query Handler. The manipulation leads to sql injection. Upgrading to version 1.4.5 is able to address this issue. The patch is named...
CVE-2011-10003
CVE-2011-10003 affects XpressEngine up to version 1.4.4. The issue arises from an unknown processing flaw in the Update Query Handler that enables a SQL injection. The vulnerability is fixed by upgrading to version 1.4.5, with the patch identified as c6e94449f21256d6362450b29c7847305e756ad5. Seve...
PT-2023-9915 · Unknown · Xpressengine
Name of the Vulnerable Software and Affected Versions: XpressEngine versions up to 1.4.4 Description: A critical issue affects the Update Query Handler component, leading to sql injection. The estimated number of potentially affected devices worldwide is not available. There is no information abo...
XpressEngine SQL Injection Vulnerability
XpressEngine is a CMS Content Management System that allows anyone to publish content easily, conveniently and freely. A SQL injection vulnerability exists in XpressEngine versions prior to 1.4.5, which stems from a problem with certain unknown processing in the component Update Query Handler, an...