CVE-2024-4300 E-WEBInformationCo. FS-EZViewer(Web) - Sensitive Data Exposure

E-WEBInformationCo. FS-EZViewerWeb exposes sensitive information in the service. A remote attacker can obtain the database configuration file path through the webpage source code without login. Accessing this path allows attacker to obtain the database credential with the highest privilege and...

CVE-2024-1523

EC-WEB FS-EZViewerWeb's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo...

CVE-2024-1523 EC-WEB FS-EZViewer(Web) - SQL Injection

EC-WEB FS-EZViewerWeb's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo...

PT-2024-18111 · Unknown · Ec-Web Fs-Ezviewer

Name of the Vulnerable Software and Affected Versions: EC-WEB FS-EZViewerWeb affected versions not specified Description: The query functionality in EC-WEB FS-EZViewerWeb lacks proper restrictions on user input, allowing remote attackers authenticated as regular users to inject SQL commands. This...