19 matches found
CVE-2024-45875
The create user function in baltic-it TOPqw Webportal 1.35.287.1 fixed in version1.35.291, in /Apps/TOPqw/BenutzerManagement.aspx/SaveNewUser, is vulnerable to SQL injection. The JSON object username allows the manipulation of SQL queries...
CVE-2024-45878
The "Stammdaten" menu of baltic-it TOPqw Webportal v1.35.283.2 fixed in version 1.35.291, in /Apps/TOPqw/qwStammdaten.aspx, is vulnerable to persistent Cross-Site Scripting XSS...
CVE-2024-45876
The login form of baltic-it TOPqw Webportal v1.35.283.2 fixed in version 1.35.283.4 at /Apps/TOPqw/Login.aspx is vulnerable to SQL injection. The vulnerability exists in the POST parameter txtUsername, which allows for manipulation of SQL queries...
CVE-2024-45878
The "Stammdaten" menu of baltic-it TOPqw Webportal v1.35.283.2 fixed in version 1.35.291, in /Apps/TOPqw/qwStammdaten.aspx, is vulnerable to persistent Cross-Site Scripting XSS...
CVE-2024-45875
The create user function in baltic-it TOPqw Webportal 1.35.287.1 fixed in version1.35.291, in /Apps/TOPqw/BenutzerManagement.aspx/SaveNewUser, is vulnerable to SQL injection. The JSON object username allows the manipulation of SQL queries...
CVE-2024-45876
The login form of baltic-it TOPqw Webportal v1.35.283.2 fixed in version 1.35.283.4 at /Apps/TOPqw/Login.aspx is vulnerable to SQL injection. The vulnerability exists in the POST parameter txtUsername, which allows for manipulation of SQL queries...
CVE-2024-45877
baltic-it TOPqw Webportal v1.35.283.2 is vulnerable to Incorrect Access Control in the User Management function in /Apps/TOPqw/BenutzerManagement.aspx. This allows a low privileged user to access all modules in the web portal, view and manipulate information and permissions of other users, lock...
CVE-2024-45875
The CVE concerns baltic-it TOPqw Webportal 1.35.287.1, with a fix in 1.35.291. The vulnerability exists in the create user function at /Apps/TOPqw/BenutzerManagement.aspx/SaveNewUser, where the JSON object username enables SQL query manipulation. This is a SQL injection in the user-creation path,...
CVE-2024-45877
The CVE-2024-45877 affects Baltic-it TOPqw Webportal v1.35.283.2, where an Incorrect Access Control flaw in the User Management page (/Apps/TOPqw/BenutzerManagement.aspx) lets a low-privilege user access all modules, view and modify other users’ information and permissions, lock/unlock accounts, ...
CVE-2024-45878
The "Stammdaten" menu of baltic-it TOPqw Webportal v1.35.283.2 fixed in version 1.35.291, in /Apps/TOPqw/qwStammdaten.aspx, is vulnerable to persistent Cross-Site Scripting XSS...
CVE-2024-45876
The login form of baltic-it TOPqw Webportal v1.35.283.2 fixed in version 1.35.283.4 at /Apps/TOPqw/Login.aspx is vulnerable to SQL injection. The vulnerability exists in the POST parameter txtUsername, which allows for manipulation of SQL queries...
CVE-2024-45878
The "Stammdaten" menu of baltic-it TOPqw Webportal v1.35.283.2 fixed in version 1.35.291, in /Apps/TOPqw/qwStammdaten.aspx, is vulnerable to persistent Cross-Site Scripting XSS...
CVE-2024-45876
The login form of baltic-it TOPqw Webportal v1.35.283.2 fixed in version 1.35.283.4 at /Apps/TOPqw/Login.aspx is vulnerable to SQL injection. The vulnerability exists in the POST parameter txtUsername, which allows for manipulation of SQL queries...
baltic-it TOPqw Webportal 安全漏洞
baltic-it TOPqw Webportal is a web application developed by a social service provider of the German company baltic-it. It can be used to publicly view information about various facilities. A security vulnerability exists in baltic-it TOPqw Webportal version 1.35.287.1, which stems from a SQL...
CVE-2024-45875
The create user function in baltic-it TOPqw Webportal 1.35.287.1 fixed in version1.35.291, in /Apps/TOPqw/BenutzerManagement.aspx/SaveNewUser, is vulnerable to SQL injection. The JSON object username allows the manipulation of SQL queries...
CVE-2024-45875
The create user function in baltic-it TOPqw Webportal 1.35.287.1 fixed in version1.35.291, in /Apps/TOPqw/BenutzerManagement.aspx/SaveNewUser, is vulnerable to SQL injection. The JSON object username allows the manipulation of SQL queries...
CVE-2024-45877
baltic-it TOPqw Webportal v1.35.283.2 is vulnerable to Incorrect Access Control in the User Management function in /Apps/TOPqw/BenutzerManagement.aspx. This allows a low privileged user to access all modules in the web portal, view and manipulate information and permissions of other users, lock...
baltic-it TOPqw Webportal 安全漏洞
baltic-it TOPqw Webportal is a web application developed by a social service provider of the German company baltic-it. It can be used to publicly view information about various facilities. A security vulnerability exists in baltic-it TOPqw Webportal version v1.35.283.2, which stems from a SQL...
CVE-2024-45876
CVE-2024-45876 affects baltic-it TOPqw Webportal v1.35.283.2 (fixed in v1.35.283.4). The vulnerability lives in the login form at /Apps/TOPqw/Login.aspx and targets the POST parameter txtUsername, enabling manipulation of SQL queries. Reported impact is possible unauthorized query modification; n...