3 matches found
CVE-2019-19986
An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. An attacker without authentication is able to execute arbitrary SQL SELECT statements by injecting the HTTP POST or GET parameter persoid into /tools/VamPersonPhoto.php. The SQL Injection type is Error-based this...
CVE-2019-19986
An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. An attacker without authentication is able to execute arbitrary SQL SELECT statements by injecting the HTTP POST or GET parameter persoid into /tools/VamPersonPhoto.php. The SQL Injection type is Error-based this...
CVE-2019-19986
The CVE-2019-19986 entry affects Selesta Visual Access Manager (VAM) versions 4.15.0 through 4.29. An unauthenticated attacker can inject the persoid parameter in /tools/VamPersonPhoto.php to execute arbitrary SQL SELECT statements. The vulnerability is described as error-based SQL injection. Pub...