Landray EIS SQL Injection Vulnerability
Landray EIS 2001 through 2006 contains a SQL injection caused by unsanitized input in Message/fi_message_receiver.aspx?replyid=, letting attackers execute arbitrary SQL commands; exploitation requires crafted input. id: CVE-2025-22214 info: name: Landray EIS SQL注入漏洞 author: Ark severity: critical...
VulnCheck KEV: CVE-2025-22214
Landray EIS 2001 through 2006 allows Message/fi_message_receiver.aspx?replyid= SQL injection...
EUVD-2025-2670
Malicious code in bioql PyPI...
CVE-2025-22214
Landray EIS 2001 through 2006 allows Message/fi_message_receiver.aspx?replyid= SQL injection...
PT-2025-4391
Name of the Vulnerable Software and Affected Versions: Landray EIS versions 2001 through 2006. Description: The issue allows SQL injection in the "Message/fi_message_receiver.aspx?replyid=" endpoint. This enables unauthorized data access. Recommendations: For versions 2001 through 2006, consider...
CVE-2025-22214
CVE-2025-22214 relates to Landray EIS versions 2001–2006 and describes a SQL injection vulnerability in the message handling path at Message/fi_message_receiver.aspx?replyid=. The available connected documents confirm the affected product and the injection vector but do not provide explicit expl...
Unidirectional routing wasn't respected in some cases in Mitogen
core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. The Ansible extension is unaffected. NOTE: the vendor disputes this issue because it is exploitable only in conjunction with hypothetica...
CVE-2019-15149
core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. The Ansible extension is unaffected. NOTE: the vendor disputes this issue because it is exploitable only in conjunction with hypothetica...
Design/Logic Flaw
DISPUTED core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. The Ansible extension is unaffected. NOTE: the vendor disputes this issue because it is exploitable only in conjunction with...
Leakage Of Sensitive Information
fh-wfm-user is vulnerable to leakage of sensitive information. The vulnerability exists because it does not prevent the return of the full user profile object of the message receiver when the user clicks on any message via the message view, leaking the password and other sensitive data about the us...