Lucene search
K

43 matches found

CNVD
CNVD
added 2024/02/02 12:0 a.m.4 views

FacileManager Cross-Site Scripting Vulnerability

facileManager is facileManager company's set of modular Web applications . A cross-site scripting vulnerability exists in facileManager that stems from insufficient input validation and can be exploited by an attacker to steal a victim's cookie-based authentication credentials...

5.4CVSS6.3AI score0.00424EPSS
Exploits1References1
CNVD
CNVD
added 2024/02/02 12:0 a.m.8 views

FacileManager Elevation of Privilege Vulnerability

facileManager is a set of modular Web applications from facileManager Inc. An elevation of privilege vulnerability exists in facileManager that stems from improper privilege management. An attacker can exploit this vulnerability to gain elevated privileges on the system...

8.8CVSS7AI score0.00817EPSS
Exploits1References1
CNVD
CNVD
added 2024/02/02 12:0 a.m.11 views

facileManager SQL Injection Vulnerability

facileManager is a suite of modular Web applications from facileManager, Inc. facileManager suffers from an SQL injection vulnerability that originates from an unsafe call to the extract function in admin-logs.php. An attacker can use this vulnerability to view, add, modify, or delete information...

6.5CVSS7.4AI score0.00641EPSS
Exploits1References1
NVD
NVD
added 2024/01/31 11:15 p.m.29 views

CVE-2024-24571

facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation...

5.4CVSS5.3AI score0.00424EPSS
Exploits1References2
NVD
NVD
added 2024/01/31 11:15 p.m.47 views

CVE-2024-24572

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $SESSION via the GET/POST parameters...

6.5CVSS6.8AI score0.00641EPSS
Exploits1References2
Prion
Prion
added 2024/01/31 11:15 p.m.22 views

Design/Logic Flaw

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can...

6.5CVSS6.8AI score0.00817EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2024/01/31 11:15 p.m.24 views

Sql injection

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $SESSION via the GET/POST parameters...

4.7CVSS7.6AI score0.00641EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2024/01/31 11:15 p.m.17 views

Input validation

facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation...

4.9CVSS6.2AI score0.00424EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/01/31 10:33 p.m.110 views

CVE-2024-24573 facileManager Privilege Escalation via Mass Assignment

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can...

8.8CVSS8.4AI score0.00817EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/01/31 10:33 p.m.24 views

CVE-2024-24573 facileManager Privilege Escalation via Mass Assignment

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can...

8.8CVSS8.8AI score0.00817EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/01/31 10:33 p.m.4 views

CVE-2024-24573 facileManager Privilege Escalation via Mass Assignment

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can...

8.8CVSS8.5AI score0.00817EPSS
Exploits1References2
CVE
CVE
added 2024/01/31 10:33 p.m.52 views

CVE-2024-24573

CVE-2024-24573 affects facileManager (versions ≤ 4.5.0). The redacted/official descriptions indicate an elevation of privilege via mass assignment flaw: non-admin users can arbitrarily set their permissions, granting super user privileges through the profile-update flow (POST to server/fm-modules...

8.8CVSS8.5AI score0.00817EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/31 10:33 p.m.19 views

CVE-2024-24572 facileManager Authenticated Variable Manipulation leading to SQL Injection

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $SESSION via the GET/POST parameters...

6.5CVSS7.3AI score0.00641EPSS
Exploits1References2
OSV
OSV
added 2024/01/31 10:33 p.m.41 views

CVE-2024-24572 facileManager Authenticated Variable Manipulation leading to SQL Injection

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $SESSION via the GET/POST parameters...

6.5CVSS6.6AI score0.00641EPSS
Exploits1References4
CVE
CVE
added 2024/01/31 10:33 p.m.55 views

CVE-2024-24572

facileManager is a modular web app. In versions ≤4.5.0, admin-logs.php calls extract() on $_REQUEST, allowing an authenticated user (with site-log viewing privileges) to append GET parameter search_sql and bypass injection protections, enabling SQL injection from manipulated search_sql.

6.5CVSS6.7AI score0.00641EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/01/31 10:33 p.m.64 views

CVE-2024-24572 facileManager Authenticated Variable Manipulation leading to SQL Injection

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $SESSION via the GET/POST parameters...

6.5CVSS7AI score0.00641EPSS
Exploits1References2
OSV
OSV
added 2024/01/31 10:32 p.m.24 views

CVE-2024-24571 facileManager Systemic Cross-Site Scripting (XSS)

facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation...

5.4CVSS5.2AI score0.00424EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/01/31 10:32 p.m.31 views

CVE-2024-24571 facileManager Systemic Cross-Site Scripting (XSS)

facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation...

5.4CVSS5.4AI score0.00424EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/01/31 10:32 p.m.5 views

CVE-2024-24571 facileManager Systemic Cross-Site Scripting (XSS)

facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation...

5.4CVSS6AI score0.00424EPSS
Exploits1References2
CVE
CVE
added 2024/01/31 10:32 p.m.63 views

CVE-2024-24571

CVE-2024-24571 concerns the facileManager web application. Multiple connected sources confirm a systemic Cross-Site Scripting (XSS) vulnerability in versions 4.5.0 and earlier, arising from insufficient input validation in almost all input fields. The issue is described across NVD, Red Hat, CNVD/...

5.4CVSS5.2AI score0.00424EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder