92 matches found
BACKCLICK 安全漏洞
BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, evaluate, and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional 5.9.63, which stems from its publicly available internal communication interface that allows ...
BACKCLICK 跨站脚本漏洞
BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure, and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional 5.9.63, which stems from insufficient output coding of user-supplied data allowing an attacker...
BACKCLICK 安全漏洞
BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional version 5.9.63, which stems from the use of consecutive IDs in the validation link, the...
CVE-2022-44005
An issue was discovered in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verification links, the newsletter sign-up functionality is vulnerable to the enumeration of subscribers' e-mail addresses. Furthermore, it is possible to subscribe and verify other persons' e-mail...
BACKCLICK SQL注入漏洞
BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure and run web-based email campaigns. A SQL injection vulnerability exists in BACKCLICK Professional version 5.9.63, which stems from insufficient user-supplied input escaping, and can be...
BACKCLICK 路径遍历漏洞
BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure, and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional version 5.9.63, which originates from improper authentication, and can be exploited by an...
CVE-2022-44000
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an exposed internal communications interface, it is possible to execute arbitrary system commands on the server...
CVE-2022-44002
An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient output encoding of user-supplied data, the web application is vulnerable to cross-site scripting XSS at various locations...
CVE-2022-44007
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation...
PT-2022-27065 · Unknown · Backclick Professional
Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63 Description: An issue was discovered due to insufficient escaping of user-supplied input, making the application vulnerable to SQL injection at various locations. Recommendations: For BACKCLICK Profession...
BACKCLICK 授权问题漏洞
BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure and run web-based email campaigns. A security vulnerability in BACKCLICK Professional version 5.9.63, which stems from an insecure design or lack of authentication, can be exploited by an...
CVE-2022-44004
An issue was discovered in BACKCLICK Professional 5.9.63. Due to insecure design or lack of authentication, unauthenticated attackers can complete the password-reset process for any account and set a new password...
BACKCLICK 路径遍历漏洞
BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional version 5.9.63 that stems from improper validation or cleanup of uploaded filenames, where an...
PT-2022-27067 · Unknown · Backclick Professional
Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63 Description: An issue was discovered in the newsletter sign-up functionality due to the use of consecutive IDs in verification links. This allows for the enumeration of subscribers' e-mail addresses...
CVE-2022-44008
CVE-2022-44008 affects BACKCLICK Professional 5.9.63. The root cause is improper validation that allows retrieval of arbitrary local files by directly accessing the back-end Tomcat server, leading to potential confidentiality impact. A separate advisory notes the existence of a PoC for exploitati...
CVE-2022-44000
BACKCLICK Professional 5.9.63 is affected by CVE-2022-44000 due to an exposed internal communications interface that enables arbitrary system command execution on the server. The vulnerability stems from access to an internal interface, allowing remote code execution with no privileges required (...
CVE-2022-43999
CVE-2022-43999 affects BACKCLICK Professional 5.9.63. The issue arises from exposed CORBA management services, allowing arbitrary system commands to be executed on the server. Public documents assign a CRITICAL impact (CVSS v3.1: 9.8, network attack vector, no privileges or user interaction requi...
CVE-2022-44003
CVE-2022-44003 affects BACKCLICK Professional 5.9.63. The issue arises from insufficient escaping of user-supplied input, causing SQL injections at various locations. CVSS v3.1 base score is 9.8 (CRITICAL): network attack vector, low attack complexity, no privileges required, no user interaction,...
CVE-2022-44002
CVE-2022-44002 affects BACKCLICK Professional 5.9.63. The issue is insufficient output encoding of user-supplied data in the web application, allowing cross-site scripting (XSS) at various locations. The available documents confirm the vulnerability and its impact (XSS) but do not provide explici...
CVE-2022-44007
BACKCLICK Professional 5.9.63 is affected by a Session Fixation flaw stemming from an unsafe session-tracking implementation. An attacker could entice a user to open an authenticated session using a known session identifier. The issue is documented across multiple sources (e.g., Red Hat, PT-Secur...