23 matches found
CVE-2020-37135
AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system...
CVE-2024-2598
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through /amssplus/modules/book/main/selectsend2.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially...
CVE-2024-2593
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through /amssplus/modules/book/main/bookdetailgroup.php, in the 'bid' parameter. This vulnerability could allow a remote attacker to send a special...
CVE-2024-2594
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through /amssplus/admin/index.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an...
CVE-2024-2595
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through /amssplus/modules/book/main/bookdetailkhetperson.php, in the 'bid' parameter. This vulnerability could allow a remote attacker to send a...
CVE-2024-2592
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/person/picshow.php, in the 'personid' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...
CVE-2024-2590
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/mail/main/selectsend.php, in the 'sdindex' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...
CVE-2024-2589
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetailschoolperson.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in th...
CVE-2024-2585
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/selectsend2.php, in the 'sdindex' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...
CVE-2024-2587
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetailkhetperson.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the ...
CVE-2024-2588
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/admin/index.php, in the 'id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...
CVE-2024-2586
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/index.php, in the 'username' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...
PT-2024-21233 · Amss++ · Amss++
Name of the Vulnerable Software and Affected Versions: AMSS++ version 4.31 Description: The issue is related to insufficient encoding of user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability. This vulnerability can be exploited through the /amssplus/admin/index.php endpoint...
AMSS++ SQL Injection Vulnerability
AMSS++ is a tool for office management support systems from Amssplus. An SQL injection vulnerability exists in AMSS++ version 4.31, which originates from an SQL injection vulnerability in the personid parameter of the /amssplus/modules/person/picshow.php page...
AMSS++ SQL Injection Vulnerability
AMSS++ is a tool for the office administration support system of Amssplus. An SQL injection vulnerability exists in AMSS++ version 4.31, which originates from an SQL injection vulnerability in the username parameter of the /amssplus/index.php page...
PT-2024-21223 · Amss++ · Amss++
Name of the Vulnerable Software and Affected Versions: AMSS++ version 4.31 Description: The issue is related to insufficient encoding of user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability. This vulnerability can be exploited through the...
PT-2024-21212 · Amss++ · Amss++
Name of the Vulnerable Software and Affected Versions: AMSS++ version 4.31 Description: The issue allows SQL injection through the /amssplus/modules/person/pic show.php endpoint, in the person id parameter. This could enable a remote attacker to send a specially crafted SQL query to the server an...
PT-2024-21192 · Amss++ · Amss++
Name of the Vulnerable Software and Affected Versions: AMSS++ version 4.31 Description: The issue allows SQL injection through the /amssplus/modules/mail/main/select send.php endpoint, specifically in the sd index parameter. This could enable a remote attacker to send a specially crafted SQL quer...
PT-2024-21181 · Amss++ · Amss++
Name of the Vulnerable Software and Affected Versions: AMSS++ version 4.31 Description: The issue allows SQL injection through the /amssplus/admin/index.php endpoint, in the id parameter. This could enable a remote attacker to send a specially crafted SQL query to the server and retrieve all the...
AMSS++ Cross-Site Scripting Vulnerability
AMSS++ is a tool for office management support systems from Amssplus. A cross-site scripting vulnerability exists in AMSS++ version 4.31, which stems from a cross-site scripting vulnerability in the bid parameter of the /amssplus/modules/book/main/bookdetailgroup.php page...