15 matches found
CVE-2024-40395
An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level...
CVE-2024-40395
CVE-2024-40395: Concrete details across multiple connected sources confirm an Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 that lets an attacker view sensitive information, including PII, regardless of access level. The root cause is an IDOR in ThingWorx 9.5.0; impact is expo...
SQL injection
SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter...
CVE-2022-45019
CVE-2022-45019 affects SLiMS 9 Bulian v9.5.0, with a SQL injection vulnerability exploitable via the keywords parameter. Public records (NVD/Red Hat/OSV, etc.) consistently describe the flaw as a SQL injection leading to Confidentiality impact (high) and no reported impacts to integrity/availabil...
CVE-2022-32299
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the id parameter at /App/Lib/Action/Admin/SiteAction.class.php...
CVE-2022-32301
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php...
SQL injection
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the MailSendID parameter at /App/Lib/Action/Admin/MailAction.class.php...
SQL injection
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the id parameter at /App/Lib/Action/Admin/SiteAction.class.php...
SQL injection
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php...
CVE-2022-32300
CVE-2022-32300 affects YoudianCMS v9.5.0, with a SQL injection vulnerability exploitable via the MailSendID parameter in /App/Lib/Action/Admin/MailAction.class.php. Root cause: lack of input validation on MailSendID. Public descriptions (CNVD/CNNVD/NVD) indicate attackers could execute arbitrary ...
CVE-2022-32300
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the MailSendID parameter at /App/Lib/Action/Admin/MailAction.class.php...
CVE-2022-32301
CVE-2022-32301 affects YoudianCMS v9.5.0. A SQL injection exists via the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php due to insufficient input validation. The vulnerability is described across multiple sources (CNVD/CNNVD, NVD, Red Hat/CVE pages) as allowing potentially illegal S...
CVE-2022-32301
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php...
CVE-2022-32299
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the id parameter at /App/Lib/Action/Admin/SiteAction.class.php...
CVE-2022-32299
Affected software/versions: YoudianCMS v9.5.0. Vulnerability: SQL injection via the id parameter in /App/Lib/Action/Admin/SiteAction.class.php, caused by lack of input validation for externally entered SQL. Impact (as stated): enables an attacker to execute illegal SQL commands and potentially ac...