173 matches found
CVE-2023-42244
An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vamvisits.php...
CVE-2023-42244
An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vamvisits.php...
CVE-2023-42245
Selesta Visual Access Manager 4.42.2 is vulnerable to Cross Site Scripting XSS via monitor/sscheduledfile.php...
CVE-2023-42245
Selesta Visual Access Manager 4.42.2 is vulnerable to Cross Site Scripting XSS via monitor/sscheduledfile.php...
CVE-2023-42239
An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vamep.php...
CVE-2023-42238
An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vameps.php...
CVE-2023-42240
An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /monitor/sscheduledfile.php...
CVE-2023-42236
An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /common/ajaxfunction.php...
CVE-2023-42235
An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple parameters of /monitor/snormalizedtrans.php...
CVE-2023-42235
An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple parameters of /monitor/snormalizedtrans.php...
CVE-2023-42237
An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple GET parameters of /vam/vamicommand.php...
CVE-2023-42243
In Selesta Visual Access Manager, versions prior to 4.42.2 are affected. An authenticated user can access the administrative page /common/vam_Sql.php and execute arbitrary SQL queries due to lack of validation of externally entered SQL statements. The impact is potential data exposure or modifica...
CVE-2023-42242
An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /monitor/sterminal.php...
CVE-2023-42242
CVE-2023-42242 affects Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL injection in the GET parameter of /monitor/s_terminal.php, potentially impacting confidentiality and integrity (per CVSS: Low impact) without affecting availability. Affected vers...
CVE-2023-42240
An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /monitor/sscheduledfile.php...
CVE-2023-42240
CVE-2023-42240 affects Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can trigger a SQL injection in multiple POST parameters of /monitor/s_scheduledfile.php. The connected sources consistently describe the issue as an authenticated SQL injection vulnerability in t...
CVE-2023-42240
An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /monitor/sscheduledfile.php...
CVE-2023-42246
Selesta Visual Access Manager 4.42.2 is vulnerable to Cross Site Scripting XSS via /vam/vamep.php...
Selesta Visual Access Manager 安全漏洞
Selesta Visual Access Manager is a visual access manager from Selesta. Selesta Visual Access Manager suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in /common/vamSql.php. An attacker can exploit this vulnerability to perform...
CVE-2023-42236
The CVE-2023-42236 issue affects Selesta Visual Access Manager (VAM) before version 4.42.2. Multiple sources describe an authenticated SQL Injection in the GET parameter of /common/ajaxfunction.php, caused by lack of input validation. Impact is shown as potential exposure of database data due to ...