12 matches found
EUVD-2024-50252
Malicious code in bioql PyPI...
CVE-2024-9971
The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents...
CVE-2024-9971
The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents...
CVE-2024-9970
The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie...
CVE-2024-9970
The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie...
CVE-2024-9971
The CVE-2024-9971 issue affects NewType’s FlowMaster BPM Plus. A flaw in the product’s specific query function fails to properly restrict user input, allowing SQL injection. This enables remote attackers with regular privileges to read, modify, or delete database contents. Documents cite a high-s...
CVE-2024-9971 NewType FlowMaster BPM Plus - SQL Injection
The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents...
CVE-2024-9971 NewType FlowMaster BPM Plus - SQL Injection
The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents...
CVE-2024-9970
CVE-2024-9970 concerns NewType’s FlowMaster BPM Plus, where a privilege-escalation flaw allows an attacker with regular privileges to tamper with a specific cookie to gain administrator rights. The CVSS-3.1 metrics indicate Network access, Low attack complexity, Privileges Required: Low, with Hig...
CVE-2024-9970 NewType FlowMaster BPM Plus - Privilege Escalation
The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie...
NewType FlowMaster BPM Plus SQL注入漏洞
NewType FlowMaster BPM Plus is a business process management system from NewType, a Chinese company. A SQL injection vulnerability exists in NewType FlowMaster BPM Plus, which arises from a specific query function that does not properly restrict user input, allowing a remote attacker with regular...
PT-2024-39968 · Newtype · Flowmaster Bpm Plus
Name of the Vulnerable Software and Affected Versions: FlowMaster BPM Plus affected versions not specified Description: The FlowMaster BPM Plus system from NewType has a privilege escalation issue. Remote attackers with regular privileges can elevate their privileges to administrator by tampering...