CVE-2024-4300 E-WEBInformationCo. FS-EZViewer(Web) - Sensitive Data Exposure

E-WEBInformationCo. FS-EZViewerWeb exposes sensitive information in the service. A remote attacker can obtain the database configuration file path through the webpage source code without login. Accessing this path allows attacker to obtain the database credential with the highest privilege and...

EC-WEB FS-EZViewer 信息泄露漏洞

EC-WEB FS-EZViewer is an online document viewing application. An information disclosure vulnerability exists in EC-WEB FS-EZViewer version 10.4.0.X and prior versions, which stems from the presence of a sensitive information disclosure vulnerability. An attacker can obtain database configuration...

CVE-2024-1523

EC-WEB FS-EZViewerWeb's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo...

CVE-2024-1523

EC-WEB FS-EZViewerWeb's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo...

CVE-2024-1523 EC-WEB FS-EZViewer(Web) - SQL Injection

EC-WEB FS-EZViewerWeb's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo...

EC-WEB FS-EZViewer SQL Injection Vulnerability

EC-WEB FS-EZViewer is an online document viewing application. EC-WEB FS-EZViewer suffers from a SQL injection vulnerability that stems from a lack of proper restrictions on user input. A remote attacker could use this vulnerability to inject SQL commands to read, modify, and delete database recor...

PT-2024-18111 · Unknown · Ec-Web Fs-Ezviewer

Name of the Vulnerable Software and Affected Versions: EC-WEB FS-EZViewerWeb affected versions not specified Description: The query functionality in EC-WEB FS-EZViewerWeb lacks proper restrictions on user input, allowing remote attackers authenticated as regular users to inject SQL commands. This...