78 matches found
CVE-2022-39033
Smart eVision’s file acquisition function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication, access restricted paths to download and delete...
CVE-2022-39034
Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication, access restricted paths and download system files...
CVE-2022-39031
Smart eVision has insufficient authorization for the task acquisition function. An unauthorized remote attacker can exploit this vulnerability to acquire the Session IDs of other general users only...
CVE-2022-39032
Smart eVision has an improper privilege management vulnerability. A remote attacker with general user privilege can exploit this vulnerability to escalate to administrator privilege, and then perform arbitrary system commands or disrupt service...
CVE-2022-39030
Smart eVision has inadequate authorization for the system information query function. An unauthenticated remote attacker, who is not explicitly authorized to access the information, can access sensitive information...
CVE-2022-39029
Smart eVision has inadequate authorization for the database query function. A remote attacker with general user privilege, who is not explicitly authorized to access the information, can access sensitive information...
Cross site scripting
Smart eVision has insufficient filtering for special characters in the POST Data parameter in the specific function. An unauthenticated remote attacker can inject JavaScript to perform a stored cross-site scripting (XSS) attack...
Privilege escalation
Smart eVision has an improper privilege management vulnerability. A remote attacker with general user privilege can exploit this vulnerability to escalate to administrator privilege, and then perform arbitrary system commands or disrupt service...
Authorization
Smart eVision has inadequate authorization for the database query function. A remote attacker with general user privilege, who is not explicitly authorized to access the information, can access sensitive information...
Authorization
Smart eVision has insufficient authorization for the task acquisition function. An unauthorized remote attacker can exploit this vulnerability to acquire the Session IDs of other general users only...
Path traversal
Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication, access restricted paths and download system files...
CVE-2022-39035 Smart eVision - Stored XSS
Smart eVision has insufficient filtering for special characters in the POST Data parameter in the specific function. An unauthenticated remote attacker can inject JavaScript to perform a stored cross-site scripting (XSS) attack...
CVE-2022-39035
CVE-2022-39035 concerns Smart eVision, where insufficient filtering of special characters in a POST Data parameter in a specific function enables an unauthenticated, remote attacker to inject JavaScript for a Stored XSS. Affected software is Smart eVision; the vulnerability stems from inadequate ...
CVE-2022-39034 Smart eVision - Path Traversal -2
Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication, access restricted paths and download system files...
CVE-2022-39034
CVE-2022-39034 concerns Smart eVision, where the Report API is vulnerable to a path traversal due to insufficient filtering of special URL characters. The vulnerability allows a remote user with general (low) privileges to bypass authentication, access restricted paths, and download system files....
CVE-2022-39033
CVE-2022-39033 affects Smart eVision’s file acquisition function. The root cause is insufficient filtering of special characters in the URL parameter, enabling a path traversal vulnerability. An unauthenticated attacker can bypass authentication and access restricted paths to download and delete ...