81 matches found
CVE-2024-32406
Server-Side Template Injection SSTI vulnerability in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function...
CVE-2024-32404
Server-Side Template Injection SSTI vulnerability in inducer relate before v.2024.1, allows remote attackers to execute arbitrary code via a crafted payload to the Markup Sandbox feature...
relate 安全漏洞
RELATE is a web-based courseware package from the individual developer Andreas Klöckner. A security vulnerability exists in relate version v.2024.1, which stems from the presence of a server-side template injection SSTI vulnerability...
CVE-2024-32406
Relate Relate Learning and Teaching System (inducer relate) prior to 2024.1 is affected by a Server-Side Template Injection (SSTI) in the Batch-Issue Exam Tickets function, enabling remote arbitrary code execution. Concrete details across sources specify the vulnerability in inducer relate before...
relate 安全漏洞
Relate is a web-based learning and teaching environment. A security vulnerability exists in versions prior to relate 2024.1, which stems from a Template Injection SSTI vulnerability in the Batch Issue Exam Tickets feature...
Relate Learning And Teaching System SSTI / Remote Code Execution
Exploit Title: Relate Learning And Teaching system Version before 2024.1 SSTIBatch-Issue Exam Tickets function lead to RCE Date: 24/04/2024 Exploit Author: kai6u Vendor Homepage: https://github.com/inducer/ Software Link: https://github.com/inducer/relate Affected Version:before 2024.1...
Relate Learning And Teaching System SSTI / Remote Code Execution Vulnerability
Relate Learning and Teaching System versions prior to 2024.1 suffers from a server-side template injection vulnerability that leads to remote code execution. This particular finding targets the Batch-Issue Exam Tickets function. Exploit Title: Relate Learning And Teaching system Version before...
CVE-2024-32407
An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Page Sandbox feature...
CVE-2024-32405
Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function...
CVE-2024-32405
Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function...
Relate 安全漏洞
Relate is a web-based learning and teaching environment. A security vulnerability exists in Relate versions prior to 2024.1 that stems from the presence of a stored cross-site scripting XSS vulnerability...
Relate 安全漏洞
Relate is a web-based learning and teaching environment. A security vulnerability exists in Relate versions prior to 2024.1 that stems from the presence of a Reflective Cross-Site Scripting XSS vulnerability...
Relate Learning And Teaching System SSTI / Remote Code Execution
Exploit Title: Relate Learning And Teaching system Version before 2024.1 SSTIMarkup Sandbox function lead to RCE Date: 19/04/2024 Exploit Author: kai6u Vendor Homepage: https://github.com/inducer/ Software Link: https://github.com/inducer/relate Affected Version:before 2024.1...
Relate Cross Site Scripting
Exploit Title: Relate Learning And Teaching system Version before 2024.1 Stored XSS Date: 18/04/2024 Exploit Author: kai6u Vendor Homepage: https://github.com/inducer/ Software Link: https://github.com/inducer/relate Affected Version:before 2024.1...
The vulnerability of the Internal Operations component of the MICROS Relate CRM Software allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Internal Operations component of the MICROS Relate CRM Software is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...
Unspecified Vulnerability in Oracle Retail Applications MICROS Relate CRM Software Component (CNVD-2019-39857)
Oracle Retail Applications is a suite of retail applications store solutions from Oracle. The product includes inventory management, sales management and customer management, etc. MICROS Relate CRM Software is one of the customer relationship management components. An unspecified vulnerability...
CVE-2019-2896
Vulnerability in the MICROS Relate CRM Software product of Oracle Retail Applications component: Internal Operations. Supported versions that are affected are 7.1.0, 15.0.0, 16.0.0, 17.0.0, and 18.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP...
CVE-2019-2896
Vulnerability in the MICROS Relate CRM Software product of Oracle Retail Applications component: Internal Operations. Supported versions that are affected are 7.1.0, 15.0.0, 16.0.0, 17.0.0, and 18.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP...
Spoofing
Vulnerability in the MICROS Relate CRM Software product of Oracle Retail Applications component: Internal Operations. Supported versions that are affected are 7.1.0, 15.0.0, 16.0.0, 17.0.0, and 18.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP...
CVE-2019-2896
Vulnerability in the MICROS Relate CRM Software product of Oracle Retail Applications component: Internal Operations. Supported versions that are affected are 7.1.0, 15.0.0, 16.0.0, 17.0.0, and 18.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP...