24 matches found
Sql injection
A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.10.21 allows remote authenticated attackers to execute arbitrary SQL commands via the TPFXPAR1 parameter...
CVE-2020-15947
CVE-2020-15947 is a SQL injection affecting Loway QueueMetrics prior to 19.10.21 in the qm_adm/qm_export_stats_run.do endpoint. The issue allows a remote authenticated user to cause arbitrary SQL commands through the exportId parameter. Documented exploit details are not provided beyond the vulne...
CVE-2020-15925
CVE-2020-15925 describes a SQL injection in Loway QueueMetrics prior to version 19.10.21, exploitable via the TPF_XPAR1 parameter in a tpf URI. The vulnerability is triggered by remote authenticated attackers and can lead to arbitrary SQL execution, impacting data integrity and confidentiality. A...
CVE-2020-15925
A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.10.21 allows remote authenticated attackers to execute arbitrary SQL commands via the TPFXPAR1 parameter...