Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:1 a.m.7 views

CVE-2022-24689

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control. This allows a remote attacker to access account information pages including personal data without being authenticated. The collected information includes the badge numbers that operate as user login...

5.3CVSS6.9AI score0.00772EPSS
Exploits1References1
NVD
NVD
added 2022/07/18 1:15 p.m.17 views

CVE-2022-24689

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control. This allows a remote attacker to access account information pages including personal data without being authenticated. The collected information includes the badge numbers that operate as user login...

5.3CVSS0.00772EPSS
Exploits1References2
Prion
Prion
added 2022/07/18 1:15 p.m.18 views

Sql injection

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A PresAbs.php SQL Injection vulnerability allows unauthenticated users to taint database data and extract sensitive information via crafted HTTP requests. The type of SQL Injection is blind boolean based. An unauthenticated attacker...

6.4CVSS8.4AI score0.02732EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2022/07/18 1:15 p.m.15 views

Unrestricted file upload

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestricted file upload and consequently Remote Code Execution via PDF upload with PHP content and a .php extension. The attacker must hijack or obtain privileged user access to the Parameters page in order...

6.5CVSS8.8AI score0.02732EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/07/18 12:34 p.m.76 views

CVE-2022-24692

The CVE-2022-24692 entry concerns DSK DSKNet 2.16.136.0 and 2.17.136.5. A new menu option on the general Parameters page is vulnerable to stored XSS, allowing an attacker to create a menu option visible to all users and potentially perform session hijacking, account takeover, or deliver malicious...

5.4CVSS5.7AI score0.0051EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/07/18 12:34 p.m.78 views

CVE-2022-24691

CVE-2022-24691 affects DSK DSKNet 2.16.136.0 and 2.17.136.5. The vulnerability is a blind boolean-based SQL Injection that allows authenticated users to taint database data and extract sensitive information via crafted HTTP requests.

7.1CVSS7AI score0.00779EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/07/18 12:34 p.m.24 views

CVE-2022-24689

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control. This allows a remote attacker to access account information pages including personal data without being authenticated. The collected information includes the badge numbers that operate as user login...

5.6AI score0.00772EPSS
Exploits1References2
CVE
CVE
added 2022/07/18 12:34 p.m.69 views

CVE-2022-24689

The CVE-2022-24689 entry concerns DSK DSKNet 2.16.136.0 and 2.17.136.5, where broken access control allows an unauthenticated remote attacker to view account information pages (including personal data) and obtain login badge numbers; PINs are four-digit and susceptible to a 10,000-guess brute for...

5.3CVSS5.3AI score0.00772EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/07/18 12:34 p.m.30 views

CVE-2022-24688

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestricted file upload and consequently Remote Code Execution via PDF upload with PHP content and a .php extension. The attacker must hijack or obtain privileged user access to the Parameters page in order...

9.2AI score0.02732EPSS
Exploits1References2
CVE
CVE
added 2022/07/18 12:34 p.m.73 views

CVE-2022-24688

CVE-2022-24688 affects DSK DSKNet 2.16.136.0 and 2.17.136.5. The issue allows unrestricted file upload via PDF content that uses a PHP extension, enabling Remote Code Execution. An attacker must obtain privileged access to the Parameters page (via Broken Access Control with brute-force or SQL Inj...

8.8CVSS8.9AI score0.02732EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder