19 matches found
CVE-2024-1301
SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A remote attacker could send a specially crafted SQL query to the server via the j_username parameter and retrieve the information stored in the database...
CVE-2024-1303
Incorrectly limiting the path to a restricted directory vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows an authenticated attacker to retrieve any file from the device using the download-file functionality...
CVE-2024-1301
SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A remote attacker could send a specially crafted SQL query to the server via the j_username parameter and retrieve the information stored in the database...
CVE-2024-1304
Cross-site scripting vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session...
CVE-2024-1303
Incorrectly limiting the path to a restricted directory vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows an authenticated attacker to retrieve any file from the device using the download-file functionality...
CVE-2024-1302
Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and earlier. A local attacker could change the application's file parameter to a log file obtaining all sensitive information such as database credentials...
CVE-2024-1304
Cross-site scripting vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session...
Design/Logic Flaw
Incorrectly limiting the path to a restricted directory vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows an authenticated attacker to retrieve any file from the device using the download-file functionality...
Cross-site scripting
Cross-site scripting vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session...
Information disclosure
Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and earlier. A local attacker could change the application's file parameter to a log file obtaining all sensitive information such as database credentials...
SQL injection
SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A remote attacker could send a specially crafted SQL query to the server via the j_username parameter and retrieve the information stored in the database...
CVE-2024-1304
CVE-2024-1304 affects Badger Meter Monitool up to version 4.6.3 and earlier. The vulnerability is a cross-site scripting issue allowing a remote attacker to deliver a crafted JavaScript payload to an authenticated user, potentially hijacking the user’s browser session (partial impact on integrity...
CVE-2024-1303 Multiple Vulnerabilities in Badger Meter's Monitool
Incorrectly limiting the path to a restricted directory vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows an authenticated attacker to retrieve any file from the device using the download-file functionality...
CVE-2024-1303
CVE-2024-1303 affects Badger Meter Monitool prior to 4.6.3. The root cause is an incorrect restriction that allows path traversal in the download-file function, enabling an authenticated attacker to retrieve arbitrary files from the device. Affected component: Monitool on compatible Badger Meter ...
CVE-2024-1302
CVE-2024-1302 affects Badger Meter Monitool up to version 4.6.3 and earlier. The vulnerability allows a local attacker to manipulate the application’s file parameter to point to a log file, leading to exposure of sensitive data such as database credentials. Documents consistently describe an info...
CVE-2024-1301 Multiple Vulnerabilities in Badger Meter's Monitool
SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A remote attacker could send a specially crafted SQL query to the server via the j_username parameter and retrieve the information stored in the database...
CVE-2024-1301
CVE-2024-1301 describes an SQL injection in Badger Meter Monitool affecting versions 4.6.3 and earlier. The vulnerability arises from crafted input sent to the server via the j_username parameter, enabling a remote attacker to retrieve information stored in the database. Multiple conne...
PT-2024-17869 · Badger Meter · Badger Meter Monitool
Name of the Vulnerable Software and Affected Versions: Badger Meter Monitool versions 4.6.3 and earlier Description: A remote attacker could send a specially crafted SQL query to the server via the j_username parameter and retrieve the information stored in the database. This issue allows an...
PT-2024-17878 · Badger Meter · Badger Meter Monitool
Name of the Vulnerable Software and Affected Versions: Badger Meter Monitool versions up to 4.6.3 and earlier Description: The issue allows a local attacker to change the application's file parameter to a log file, obtaining sensitive information such as database credentials. Recommendations: For...