Lucene search
K

92 matches found

CNNVD
CNNVD
added 2022/11/16 12:0 a.m.6 views

BACKCLICK 安全漏洞

BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, evaluate, and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional 5.9.63, which stems from its publicly available internal communication interface that allows ...

9.8CVSS8.5AI score0.00949EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/11/16 12:0 a.m.4 views

BACKCLICK 跨站脚本漏洞

BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure, and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional 5.9.63, which stems from insufficient output coding of user-supplied data allowing an attacker...

6.1CVSS5.6AI score0.00353EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/16 12:0 a.m.4 views

BACKCLICK 安全漏洞

BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional version 5.9.63, which stems from the use of consecutive IDs in the validation link, the...

5.3CVSS5.8AI score0.00612EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/11/16 12:0 a.m.27 views

CVE-2022-44005

An issue was discovered in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verification links, the newsletter sign-up functionality is vulnerable to the enumeration of subscribers' e-mail addresses. Furthermore, it is possible to subscribe and verify other persons' e-mail...

5.6AI score0.00612EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/11/16 12:0 a.m.8 views

BACKCLICK SQL注入漏洞

BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure and run web-based email campaigns. A SQL injection vulnerability exists in BACKCLICK Professional version 5.9.63, which stems from insufficient user-supplied input escaping, and can be...

9.8CVSS8.5AI score0.01488EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/11/16 12:0 a.m.5 views

BACKCLICK 路径遍历漏洞

BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure, and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional version 5.9.63, which originates from improper authentication, and can be exploited by an...

6.5CVSS6.7AI score0.0082EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/11/16 12:0 a.m.4 views

CVE-2022-44000

An issue was discovered in BACKCLICK Professional 5.9.63. Due to an exposed internal communications interface, it is possible to execute arbitrary system commands on the server...

7.7AI score0.00949EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/11/16 12:0 a.m.19 views

CVE-2022-44002

An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient output encoding of user-supplied data, the web application is vulnerable to cross-site scripting XSS at various locations...

6.1AI score0.00353EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/11/16 12:0 a.m.27 views

CVE-2022-44007

An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation...

8.8AI score0.00804EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/11/16 12:0 a.m.5 views

PT-2022-27065 · Unknown · Backclick Professional

Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63 Description: An issue was discovered due to insufficient escaping of user-supplied input, making the application vulnerable to SQL injection at various locations. Recommendations: For BACKCLICK Profession...

9.8CVSS7.9AI score0.01488EPSS
Exploits1References7
CNNVD
CNNVD
added 2022/11/16 12:0 a.m.4 views

BACKCLICK 授权问题漏洞

BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure and run web-based email campaigns. A security vulnerability in BACKCLICK Professional version 5.9.63, which stems from an insecure design or lack of authentication, can be exploited by an...

9.8CVSS8.2AI score0.01182EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2022/11/16 12:0 a.m.13 views

CVE-2022-44004

An issue was discovered in BACKCLICK Professional 5.9.63. Due to insecure design or lack of authentication, unauthenticated attackers can complete the password-reset process for any account and set a new password...

7AI score0.01182EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/11/16 12:0 a.m.4 views

BACKCLICK 路径遍历漏洞

BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional version 5.9.63 that stems from improper validation or cleanup of uploaded filenames, where an...

9.8CVSS8.2AI score0.01877EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/11/16 12:0 a.m.4 views

PT-2022-27067 · Unknown · Backclick Professional

Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63 Description: An issue was discovered in the newsletter sign-up functionality due to the use of consecutive IDs in verification links. This allows for the enumeration of subscribers' e-mail addresses...

5.3CVSS7.2AI score0.00612EPSS
Exploits1References6
CVE
CVE
added 2022/11/16 12:0 a.m.64 views

CVE-2022-44008

CVE-2022-44008 affects BACKCLICK Professional 5.9.63. The root cause is improper validation that allows retrieval of arbitrary local files by directly accessing the back-end Tomcat server, leading to potential confidentiality impact. A separate advisory notes the existence of a PoC for exploitati...

6.5CVSS6.4AI score0.0082EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/11/16 12:0 a.m.57 views

CVE-2022-44000

BACKCLICK Professional 5.9.63 is affected by CVE-2022-44000 due to an exposed internal communications interface that enables arbitrary system command execution on the server. The vulnerability stems from access to an internal interface, allowing remote code execution with no privileges required (...

9.8CVSS9.7AI score0.00949EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/11/16 12:0 a.m.55 views

CVE-2022-43999

CVE-2022-43999 affects BACKCLICK Professional 5.9.63. The issue arises from exposed CORBA management services, allowing arbitrary system commands to be executed on the server. Public documents assign a CRITICAL impact (CVSS v3.1: 9.8, network attack vector, no privileges or user interaction requi...

9.8CVSS9.4AI score0.00949EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/11/16 12:0 a.m.62 views

CVE-2022-44003

CVE-2022-44003 affects BACKCLICK Professional 5.9.63. The issue arises from insufficient escaping of user-supplied input, causing SQL injections at various locations. CVSS v3.1 base score is 9.8 (CRITICAL): network attack vector, low attack complexity, no privileges required, no user interaction,...

9.8CVSS9.7AI score0.01488EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/11/16 12:0 a.m.60 views

CVE-2022-44002

CVE-2022-44002 affects BACKCLICK Professional 5.9.63. The issue is insufficient output encoding of user-supplied data in the web application, allowing cross-site scripting (XSS) at various locations. The available documents confirm the vulnerability and its impact (XSS) but do not provide explici...

6.1CVSS5.9AI score0.00353EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/11/16 12:0 a.m.56 views

CVE-2022-44007

BACKCLICK Professional 5.9.63 is affected by a Session Fixation flaw stemming from an unsafe session-tracking implementation. An attacker could entice a user to open an authenticated session using a known session identifier. The issue is documented across multiple sources (e.g., Red Hat, PT-Secur...

8.8CVSS8.5AI score0.00804EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder