Lucene search
K

6 matches found

Prion
Prion
added 2018/01/15 9:29 p.m.15 views

Code injection

ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details...

7.5CVSS9.2AI score0.0129EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/01/15 9:29 p.m.18 views

CVE-2018-5329

ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Request Forgery CSRF on /CWEBNET/ authenticated pages. A successful CSRF attack can force the user to modify state: creating users, changing an email address, and so forth. If the victim is an administrative account, CSRF can...

8.8CVSS8.8AI score0.00501EPSS
Exploits1References1
NVD
NVD
added 2018/01/15 9:29 p.m.21 views

CVE-2018-5328

ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details...

9.8CVSS9.3AI score0.0129EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/01/15 9:0 p.m.28 views

CVE-2018-5329

ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Request Forgery CSRF on /CWEBNET/ authenticated pages. A successful CSRF attack can force the user to modify state: creating users, changing an email address, and so forth. If the victim is an administrative account, CSRF can...

8.8AI score0.00501EPSS
Exploits1References1
NVD
NVD
added 2017/12/18 4:29 p.m.28 views

CVE-2017-17721

CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter...

9.8CVSS9.9AI score0.03596EPSS
Exploits4References6
OSV
OSV
added 2017/12/18 4:29 p.m.4 views

CVE-2017-17721

CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter...

9.8CVSS5.8AI score0.03596EPSS
Exploits4References6
Rows per page
Query Builder