16 matches found
CVE-2022-44017
An issue was discovered in Simmeth Lieferantenmanager before 5.6. Due to errors in session management, an attacker can log back into a victim's account after the victim logged out - /LMS/LM/main can be used for this. This is due to the credentials not being cleaned from the local storage after...
CVE-2022-44014
An issue was discovered in Simmeth Lieferantenmanager before 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via /DS/LMAPI/api/SelectionService/GetPaggedTab...
Simmeth System Supplier Manager Session Management Error Vulnerability
Simmeth System Supplier Manager, a supply chain software from Simmeth System, Germany, is vulnerable to a session management error in versions prior to Simmeth System Supplier Manager 5.6. The vulnerability stems from credentials not being cleared from local storage after logging out, which could...
Simmeth System Supplier Manager Authentication Bypass Vulnerability
Simmeth System Supplier Manager is a supply chain software from Simmeth System, Germany. An authentication bypass vulnerability exists in versions prior to Simmeth System Supplier Manager 5.6, which can be exploited by attackers to invoke multiple APIs without authentication...
Simmeth System Supplier Manager Arbitrary File Download Vulnerability
Simmeth System Supplier Manager is a supply chain software from Simmeth System, a German company, and an arbitrary file download vulnerability exists in versions prior to Simmeth System Supplier Manager 5.6, which can be exploited by attackers to download arbitrary files from a web server by...
Simmeth System Supplier Manager SQL Injection Vulnerability
Simmeth System Supplier Manager is a supply chain software from Simmeth System GmbH, Germany. A SQL injection vulnerability exists in versions prior to Simmeth System GmbH Supplier Manager 5.6. The vulnerability stems from the application's lack of validation of externally entered SQL statements,...
Simmeth System Supplier Manager Design Error Vulnerability
Simmeth System Supplier Manager is a supply chain software from Simmeth System, Germany. Versions prior to Simmeth System Supplier Manager 5.6 contain a design error vulnerability that could be exploited by attackers to obtain sensitive database information...
Simmeth System Supplier Manager Cross-Site Scripting Vulnerability
Simmeth System Supplier Manager, a supply chain software from Simmeth System GmbH, Germany, is vulnerable to a cross-site scripting vulnerability in versions prior to Simmeth System GmbH Supplier Manager 5.6. An attacker could use this vulnerability to execute JavaScript code in the victim's...
Simmeth System GmbH Supplier Manager LFI / SQL Injection / Bypass Vulnerabilities
Simmeth System GmbH Supplier Manager Lieferantenmanager versions prior to 5.6 suffer from authentication bypass, code execution, cross site scripting, information leakage, remote SQL injection, and various other vulnerabilities...
Simmeth System Supplier Manager Cross-Site Scripting Vulnerability
Simmeth System Supplier Manager, a supply chain software from Simmeth System GmbH, Germany, is vulnerable to a cross-site scripting vulnerability in versions prior to Simmeth System GmbH Supplier Manager 5.6. An attacker could use this vulnerability to execute JavaScript code in the victim's...
Simmeth System Supplier Manager Path Traversal Vulnerability
Simmeth System Supplier Manager is a supply chain software from Simmeth System, a German company, and an arbitrary file download vulnerability exists in versions prior to Simmeth System Supplier Manager 5.6, which can be exploited by attackers to download arbitrary files from a web server by...
Simmeth System Supplier Manager Authorization Issue Vulnerability
Simmeth System Supplier Manager, a supply chain software from Simmeth System, Germany, is vulnerable to a session management error in versions prior to Simmeth System Supplier Manager 5.6. The vulnerability stems from credentials not being cleared from local storage after logging out, which could...
Simmeth System Supplier Manager SQL Injection Vulnerability
Simmeth System Supplier Manager is a supply chain software from Simmeth System, Germany. Versions prior to Simmeth System Supplier Manager 5.6 contain a design error vulnerability that could be exploited by attackers to obtain sensitive database information...
Simmeth System Supplier Manager SQL Injection Vulnerability
Simmeth System Supplier Manager is a supply chain software from Simmeth System GmbH, Germany. A SQL injection vulnerability exists in versions prior to Simmeth System GmbH Supplier Manager 5.6. The vulnerability stems from the application's lack of validation of externally entered SQL statements,...
Simmeth System Supplier Manager Access Control Error Vulnerability
Simmeth System Supplier Manager is a supply chain software from Simmeth System, Germany. An authentication bypass vulnerability exists in versions prior to Simmeth System Supplier Manager 5.6, which can be exploited by attackers to invoke multiple APIs without authentication...
Simmeth System GmbH Supplier Manager LFI / SQL Injection / Bypass
SEC Consult Vulnerability Lab Security Advisory. title: Multiple Critical Vulnerabilities; product: Simmeth System GmbH Supplier manager Lieferantenmanager; vulnerable version: 5.6; fixed version: 5.6; CVE number: CVE-2022-44012,...