9 matches found
CVE-2026-40830
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the admin.mbnetj.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...
CVE-2026-40834
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashlayout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...
CVE-2026-40833
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...
CVE-2026-40834 Authenticated SQLi in saveDashboardLayout function
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashlayout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...
CVE-2026-40828
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...
CVE-2026-40825
CVE-2026-40825 describes an unauthenticated SQL Injection in the accountstatus view devices parameter. The vulnerability arises from improper neutralization of special elements in a SQL UPDATE command, enabling reading the entire database and altering values in a non-critical table. Reported impa...
CVE-2026-40824
CVE-2026-40824 describes an unauthenticated SQL Injection in the accountstatus view userid parameter. An attacker with network access can exploit improper neutralization of special elements in a SQL UPDATE, enabling reading of the entire database and modification of values in a non-critical table...
CVE-2026-40823
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can resu...
PT-2026-43600
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash layout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a no...