9 matches found

CNVD
added 2022/11/21 12:0 a.m. · 31 views

BACKCLICK Professional has an authentication bypass vulnerability

BACKCLICK, a marketing software from BACKCLICK Germany, helps organizations create, implement, evaluate and run web-based email campaigns. Version 5.9.63 of BACKCLICK Professional is vulnerable to an authentication bypass. An attacker could use this vulnerability to bypass user authentication use...

AI score: 3.8 · EPSS: 0.00461
Exploits: 1 · Affected Software: 1
OSV
added 2022/11/16 11:15 p.m. · 2 views

CVE-2022-44002

An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient output encoding of user-supplied data, the web application is vulnerable to cross-site scripting (XSS) at various locations...

CVSS: 6.1 · AI score: 5.7 · EPSS: 0.00247
Exploits: 0 · References: 1
Positive Technologies
added 2022/11/16 12:0 a.m. · 2 views

PT-2022-27070 · Apache · Apache Tomcat

Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63 Description: An issue was discovered due to improper validation, allowing arbitrary local files to be retrieved by accessing the back-end Tomcat server directly. Recommendations: For BACKCLICK Professiona...

CVSS: 6.5 · AI score: 6.5 · EPSS: 0.00347
Exploits: 1 · References: 3
CNNVD
added 2022/11/16 12:0 a.m. · 1 views

BACKCLICK authorization issue vulnerability

BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure and run web-based email campaigns. A security vulnerability in BACKCLICK Professional version 5.9.63, which stems from an insecure design or lack of authentication, can be exploited by an...

CVSS: 9.8 · AI score: 8.2 · EPSS: 0.01574
Exploits: 1 · References: 4
Positive Technologies
added 2022/11/16 12:0 a.m. · 1 views

PT-2022-27062 · Unknown · Backclick Professional

Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63 Description: An issue was discovered due to an exposed internal communications interface, making it possible to execute arbitrary system commands on the server. Recommendations: For BACKCLICK Professional...

CVSS: 9.8 · AI score: 9.7 · EPSS: 0.00377
Exploits: 1 · References: 5
Positive Technologies
added 2022/11/16 12:0 a.m. · 3 views

PT-2022-27065 · Unknown · Backclick Professional

Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63 Description: An issue was discovered due to insufficient escaping of user-supplied input, making the application vulnerable to SQL injection at various locations. Recommendations: For BACKCLICK Profession...

CVSS: 9.8 · AI score: 7.9 · EPSS: 0.00264
Exploits: 1 · References: 7
Positive Technologies
added 2022/11/16 12:0 a.m. · 1 views

PT-2022-27069 · Unknown · Backclick Professional

Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63 Description: An issue was discovered due to an unsafe implementation of session tracking, making it possible for an attacker to trick users into opening an authenticated user session for a session...

CVSS: 8.8 · AI score: 6.8 · EPSS: 0.00365
Exploits: 1 · References: 5
Positive Technologies
added 2022/11/16 12:0 a.m. · 2 views

PT-2022-27064 · Unknown · Backclick Professional

Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63 Description: An issue was discovered due to insufficient output encoding of user-supplied data, making the web application vulnerable to cross-site scripting (XSS) at various locations. Recommendations: For...

CVSS: 6.1 · AI score: 6 · EPSS: 0.00247
Exploits: 0 · References: 4
Positive Technologies
added 2022/11/16 12:0 a.m. · 2 views

PT-2022-27066 · Unknown · Backclick Professional

Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63 Description: An issue was discovered due to insecure design or lack of authentication, allowing unauthenticated attackers to complete the password-reset process for any account and set a new password...

CVSS: 9.8 · AI score: 7.3 · EPSS: 0.01574
Exploits: 1 · References: 7