72 matches found
CVE-2022-40798
OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a request the user can obtain the real email; by sending the same request with the correct email, it is possible to take over the account...
CVE-2022-40798
OcoMon 4.0RC1 is affected by an Incorrect Access Control vulnerability. An attacker can retrieve the real email via a crafted request, and by repeating the request with the correct email may achieve account takeover. Affected product/version: OcoMon 4.0RC1. Root cause stated: improper access cont...
PT-2022-25542 · Ocomon · Ocomon
Name of the Vulnerable Software and Affected Versions: OcoMon version 4.0RC1 Description: The issue is related to Incorrect Access Control. Through a request, a user can obtain the real email, and by sending the same request with the correct email, it is possible to perform an account takeover...
CVE-2022-41391
OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php...
CVE-2022-41390
OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php...
SQL injection
OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php...
SQL injection
OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php...
OcoMon SQL Injection Vulnerability
OcoMon is a helpdesk system by individual developer Rafael Foster. It is designed to manage integrated inventory control that supports tickets and computing devices. An SQL injection vulnerability exists in OcoMon version v4.0, which stems from the cod parameter in download.php being vulnerab...
PT-2022-25840 · Ocomon · Ocomon
Name of the Vulnerable Software and Affected Versions: OcoMon version 4.0 Description: A SQL injection issue was discovered in OcoMon via the cod parameter at the "showImg.php" endpoint. This allows for potential exploitation of the database. Recommendations: For OcoMon version 4.0, consider...
OcoMon SQL Injection Vulnerability
OcoMon is a helpdesk system by individual developer Rafael Foster. It is designed to manage integrated inventory control that supports tickets and computing devices. An SQL injection vulnerability exists in OcoMon version v4.0, which stems from the cod parameter in showImg.php being vulnerabl...
CVE-2022-41390
Summary (CVE-2022-41390): OcoMon v4.0 is affected by a SQL injection vulnerability in the download.php endpoint, triggered via the cod parameter. The issue is described as affecting the ability to inject SQL through this parameter, with the CVSS v3.1 metrics indicating a critical impact (AV:N/AC:...
CVE-2022-41391
CVE-2022-41391 affects OcoMon v4.0, with a SQL injection in the showImg.php endpoint via the cod parameter. The root cause is unsafely handling user input in the SQL query, allowing attackers to craft requests that may compromise confidentiality, integrity, and availability (CVSS v3.1 base score ...
Ocomon 2.0 - SQL Injection
Exploit Title: Ocomon 2.0: Access administrative Bypass / Multiple SQL Injection Google Dork: inurl:ocomon/index.php or intitle:Ocomon 2.0-RC6 Date: 2016.08.18 Exploit Author: Jonatas Fil a.k.a pwx Vendor Homepage: ninj4c0d3r.github.io Version: Latest 2.0RC6 Tested on: Linux And Windows CVE :...