Lucene search
K

5 matches found

CNVD
CNVD
added 2025/11/11 12:0 a.m.3 views

Advantech WebAccess/VPN AjaxDeviceController.ajaxDeviceAction function SQL injection vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...

6.5CVSS8.4AI score0.00284EPSS
Exploits0References1
OSV
OSV
added 2025/11/06 8:15 p.m.2 views

CVE-2025-34241

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxDeviceController.ajaxDeviceAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

6.5CVSS5.8AI score0.00284EPSS
Exploits0References3
NVD
NVD
added 2025/11/06 8:15 p.m.4 views

CVE-2025-34241

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxDeviceController.ajaxDeviceAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

6.5CVSS0.00284EPSS
Exploits0References3
CVE
CVE
added 2025/11/06 7:45 p.m.8 views

CVE-2025-34241

Advantech WebAccess/VPN before version 1.1.5 is affected by a SQL injection in AjaxDeviceController.ajaxDeviceAction() via datatable search parameters. An authenticated, low-privileged observer can potentially have access to database data due to improper input handling. The issue is consistently ...

6.5CVSS7.2AI score0.00284EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/11/06 7:45 p.m.5 views

CVE-2025-34241 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxDeviceController.ajaxDeviceAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxDeviceController.ajaxDeviceAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

5.3CVSS0.00284EPSS
Exploits0References3
Rows per page
Query Builder