14 matches found

RedhatCVE
added 2025/05/23 8:33 a.m. · 2 views

CVE-2024-50584

An authenticated attacker with the user/role "Poweruser" can perform an SQL injection by accessing the /class/templateio.php file and supplying malicious GET parameters. The "templates" parameter is vulnerable against blind boolean-based SQL injection attacks. SQL syntax must be injected into the...

4.4 CVSS · 7.8 AI score · 0.00074 EPSS
Exploits 0 · References 1

NVD
added 2024/12/12 2:15 p.m. · 8 views

CVE-2024-50584

An authenticated attacker with the user/role "Poweruser" can perform an SQL injection by accessing the /class/templateio.php file and supplying malicious GET parameters. The "templates" parameter is vulnerable against blind boolean-based SQL injection attacks. SQL syntax must be injected into the...

4.4 CVSS · 0.00074 EPSS
Exploits 0 · References 3

Vulnrichment
added 2024/12/12 1:39 p.m. · 9 views

CVE-2024-50584 SQL Injection

An authenticated attacker with the user/role "Poweruser" can perform an SQL injection by accessing the /class/templateio.php file and supplying malicious GET parameters. The "templates" parameter is vulnerable against blind boolean-based SQL injection attacks. SQL syntax must be injected into the...

7.8 AI score · 0.00074 EPSS
Exploits 0 · References 2

CVE
added 2024/12/12 1:39 p.m. · 44 views

CVE-2024-50584

Concrete details found: CVE-2024-50584 involves an authenticated Poweruser who can exploit a SQL injection via the /class/template_io.php endpoint, by supplying malicious GET parameters. The vulnerable parameter is templates, susceptible to blind boolean-based SQL injection with injection of SQL ...

4.4 CVSS · 7.4 AI score · 0.00074 EPSS
Exploits 0 · References 3

Cvelist
added 2024/12/12 1:39 p.m. · 19 views

CVE-2024-50584 SQL Injection

An authenticated attacker with the user/role "Poweruser" can perform an SQL injection by accessing the /class/templateio.php file and supplying malicious GET parameters. The "templates" parameter is vulnerable against blind boolean-based SQL injection attacks. SQL syntax must be injected into the...

0.00074 EPSS
Exploits 0 · References 2

NVD
added 2024/12/12 1:15 p.m. · 13 views

CVE-2024-36498

Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function...

4.7 CVSS · 0.0011 EPSS
Exploits 0 · References 3

Cvelist
added 2024/12/12 12:46 p.m. · 15 views

CVE-2024-36498 Stored cross site scripting

Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function...

0.0011 EPSS
Exploits 0 · References 2

CVE
added 2024/12/12 12:38 p.m. · 40 views

CVE-2024-47947

CVE-2024-47947 concerns a stored XSS vulnerability in Image Access Scan2Net/ScanWizard ecosystem. The issue arises from missing input sanitization in the configuration menu’s "Edit Disclaimer Text" function, exploitable by an attacker to inject JavaScript that runs in other users’ browsers. Affec...

4.7 CVSS · 6.3 AI score · 0.00213 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/12/12 12:0 a.m. · 1 views

PT-2024-32909 · Unknown · Scanwizard

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified
Description: The issue is related to missing input sanitization, allowing an attacker to perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit...

4.7 CVSS · 6.3 AI score · 0.00213 EPSS
Exploits 0 · References 6

Positive Technologies
added 2024/12/12 12:0 a.m. · 4 views

PT-2024-34340 · Softwarex · Softwarex

Name of the Vulnerable Software and Affected Versions: SoftwareX versions affected versions not specified
Description: An authenticated attacker with the user/role "Poweruser" can perform an SQL injection by accessing the "/class/template io.php" file and supplying malicious GET parameters. The...

4.4 CVSS · 7.3 AI score · 0.00074 EPSS
Exploits 0 · References 5

NVD
added 2024/12/10 8:15 a.m. · 11 views

CVE-2024-47946

If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds or lock screens. After the upload, the PHP script is available in the web root. The PHP code execut...

7.2 CVSS · 0.02173 EPSS
Exploits 0 · References 3

Vulnrichment
added 2024/12/10 7:48 a.m. · 8 views

CVE-2024-47946 OS Command Execution through Arbitrary File Upload

If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds or lock screens. After the upload, the PHP script is available in the web root. The PHP code execut...

8.1 AI score · 0.02173 EPSS
Exploits 0 · References 2

CVE
added 2024/12/10 7:48 a.m. · 52 views

CVE-2024-47946

The CVE-2024-47946 issue affects Image Access Scan2Net software. Descriptions across sources state that remote code execution is possible when an attacker with a valid Poweruser session uploads specially crafted valid PNG files containing injected PHP content as desktop backgrounds or lock screen...

7.2 CVSS · 7.7 AI score · 0.02173 EPSS
Exploits 0 · References 3

CNNVD
added 2024/12/10 12:0 a.m. · 1 views

Image Access Scan2Net Security Vulnerability

Image Access Scan2Net is a scanning software from Image Access Germany. A security vulnerability exists in Image Access Scan2Net version 7.40 and earlier, version 7.42 and earlier, and version 7.42B and earlier, which originates from a code execution vulnerability that can be remotely exploited i...

7.2 CVSS · 7.7 AI score · 0.02173 EPSS
Exploits 0 · References 2