173 matches found
CVE-2023-42241
An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vamanagraphic.php...
CVE-2023-42236
An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /common/ajaxfunction.php...
CVE-2023-42242
An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /monitor/sterminal.php...
CVE-2023-42237
An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple GET parameters of /vam/vamicommand.php...
CVE-2023-42238
An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vameps.php...
CVE-2023-42249
Selesta Visual Access Manager 4.42.2 is vulnerable to Cross Site Scripting XSS via vam/vamvisits.php...
CVE-2019-19988
An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. A user with valid credentials is able to create and write XML files on the filesystem via /common/vameditXml.php in the web interface. The vulnerable PHP page checks none of these: the parameter that identifies the...
CVE-2019-19993
An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. Several full path disclosure vulnerability were discovered. A user, even with no authentication, may simply send arbitrary content to the vulnerable pages to generate error messages that expose some full paths...
CVE-2019-19991
An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. Multiple Reflected Cross-site scripting XSS vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /vam/vamanagraphic.php, /vam/vamvamuser.php, /common/vampmain.php...
CVE-2019-19992
An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. A user with valid credentials is able to read XML files on the filesystem via the web interface. The PHP page /common/vameditXml.php doesn't check the parameter that identifies the file name to be read. Thus, an...
CVE-2019-19987
An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. It allows Cross-Site Request Forgery CSRF on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on...
CVE-2019-19989
An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. Several PHP pages, and other type of files, are reachable by any user without checking for user identity and authorization...
CVE-2019-19986
An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. An attacker without authentication is able to execute arbitrary SQL SELECT statements by injecting the HTTP POST or GET parameter persoid into /tools/VamPersonPhoto.php. The SQL Injection type is Error-based this...
CVE-2019-19990
An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. Multiple Stored Cross-site scripting XSS vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /monitor/sheadmodel.php and /vam/vamuser.php...
CVE-2019-19994
An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. It allows blind Command Injection. An attacker without authentication is able to execute arbitrary operating system command by injecting the vulnerable parameter in the PHP Web page /common/vammonitorsap.php...
Selesta Visual Access Manager SQL Injection Vulnerability (CNVD-2025-22315)
Selesta Visual Access Manager is a visual access manager from Selesta. A SQL injection vulnerability exists in Selesta Visual Access Manager, which can be exploited by an attacker to perform SQL injection in multiple parameters of /monitor/snormalizedtrans.php...
Selesta Visual Access Manager SQL Injection Vulnerability (CNVD-2025-22654)
Selesta Visual Access Manager is a visual access manager from Selesta. A SQL injection vulnerability exists in Selesta Visual Access Manager. The vulnerability stems from the application's lack of validation of externally entered SQL statements and is exploited by an attacker to perform SQL...
Selesta Visual Access Manager Cross-Site Scripting Vulnerability
Selesta Visual Access Manager is a visual access manager from Selesta. A cross-site scripting vulnerability exists in Selesta Visual Access Manager, which stems from the application's lack of effective filtering and escaping of user-supplied data, and for which no detailed vulnerability details a...
Selesta Visual Access Manager SQL Injection Vulnerability (CNVD-2025-22656)
Selesta Visual Access Manager is a visual access manager from Selesta. A SQL injection vulnerability exists in Selesta Visual Access Manager, which can be exploited by an attacker to perform SQL injection in the POST parameter of /vam/vameps.php...
Selesta Visual Access Manager vam_ep.php file cross-site scripting vulnerability
Selesta Visual Access Manager is a visual access manager from Selesta. A cross-site scripting vulnerability exists in the Selesta Visual Access Manager vamep.php file, no details of the vulnerability are available at this time...