5 matches found
CVE-2025-4764
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows SQL Injection. This issue affects Hotel Guest Hotspot: through 22012026. NOTE: The vendor was contacted early about this...
CVE-2022-39057 Changing Information Technology Inc. RAVA certificate validation system - Command Injection
RAVA certificate validation system has insufficient filtering for special parameter of the web page input field. A remote attacker with administrator privilege can exploit this vulnerability to perform arbitrary system command and disrupt service...
CVE-2022-39056 Changing Information Technology Inc. RAVA certificate validation system - SQL Injection
RAVA certificate validation system has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify and delete database...
CVE-2022-39055 Changing Information Technology Inc. RAVA certificate validation system - Server-Side Request Forgery (SSRF)
RAVA certificate validation system has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform SSRF attack to discover internal network topology base on query response...
CVE-2021-44161 Changing Information Technology Inc. MOTP(Mobile One Time Password) - SQL Injection
Changing MOTP Mobile One Time Password system’s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without authentication...