Lucene search
+L

173 matches found

attackerkb
attackerkb
added 2025/01/13 10:15 p.m.5 views

CVE-2023-42244

An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vamvisits.php...

8.8CVSS6AI score0.00377EPSS
Exploits0References2
nvd
nvd
added 2025/01/13 10:15 p.m.11 views

CVE-2023-42244

An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vamvisits.php...

8.8CVSS0.00377EPSS
Exploits0References1
nvd
nvd
added 2025/01/13 10:15 p.m.15 views

CVE-2023-42245

Selesta Visual Access Manager 4.42.2 is vulnerable to Cross Site Scripting XSS via monitor/sscheduledfile.php...

6.1CVSS0.00228EPSS
Exploits0References1
attackerkb
attackerkb
added 2025/01/13 10:15 p.m.6 views

CVE-2023-42245

Selesta Visual Access Manager 4.42.2 is vulnerable to Cross Site Scripting XSS via monitor/sscheduledfile.php...

6.1CVSS5.8AI score0.00228EPSS
Exploits0References2
nvd
nvd
added 2025/01/13 10:15 p.m.14 views

CVE-2023-42239

An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vamep.php...

3.8CVSS0.00315EPSS
Exploits0References1
osv
osv
added 2025/01/13 10:15 p.m.6 views

CVE-2023-42238

An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vameps.php...

3.8CVSS5.9AI score0.00315EPSS
Exploits0References1
nvd
nvd
added 2025/01/13 10:15 p.m.13 views

CVE-2023-42240

An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /monitor/sscheduledfile.php...

3.8CVSS0.00237EPSS
Exploits0References1
nvd
nvd
added 2025/01/13 10:15 p.m.22 views

CVE-2023-42236

An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /common/ajaxfunction.php...

3.8CVSS0.00315EPSS
Exploits0References1
osv
osv
added 2025/01/13 10:15 p.m.4 views

CVE-2023-42235

An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple parameters of /monitor/snormalizedtrans.php...

3.8CVSS5.8AI score0.00315EPSS
Exploits0References1
nvd
nvd
added 2025/01/13 10:15 p.m.18 views

CVE-2023-42235

An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple parameters of /monitor/snormalizedtrans.php...

3.8CVSS0.00315EPSS
Exploits0References1
nvd
nvd
added 2025/01/13 10:15 p.m.11 views

CVE-2023-42237

An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple GET parameters of /vam/vamicommand.php...

3.8CVSS0.00237EPSS
Exploits0References1
cve
cve
added 2025/01/13 12:0 a.m.44 views

CVE-2023-42243

In Selesta Visual Access Manager, versions prior to 4.42.2 are affected. An authenticated user can access the administrative page /common/vam_Sql.php and execute arbitrary SQL queries due to lack of validation of externally entered SQL statements. The impact is potential data exposure or modifica...

5.4CVSS7.5AI score0.00235EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2025/01/13 12:0 a.m.14 views

CVE-2023-42242

An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /monitor/sterminal.php...

4.8AI score0.00315EPSS
Exploits0References1
cve
cve
added 2025/01/13 12:0 a.m.35 views

CVE-2023-42242

CVE-2023-42242 affects Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL injection in the GET parameter of /monitor/s_terminal.php, potentially impacting confidentiality and integrity (per CVSS: Low impact) without affecting availability. Affected vers...

3.8CVSS8.1AI score0.00315EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2025/01/13 12:0 a.m.9 views

CVE-2023-42240

An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /monitor/sscheduledfile.php...

4.9AI score0.00237EPSS
Exploits0References1
cve
cve
added 2025/01/13 12:0 a.m.35 views

CVE-2023-42240

CVE-2023-42240 affects Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can trigger a SQL injection in multiple POST parameters of /monitor/s_scheduledfile.php. The connected sources consistently describe the issue as an authenticated SQL injection vulnerability in t...

3.8CVSS7.9AI score0.00237EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2025/01/13 12:0 a.m.11 views

CVE-2023-42240

An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /monitor/sscheduledfile.php...

0.00237EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/01/13 12:0 a.m.7 views

CVE-2023-42246

Selesta Visual Access Manager 4.42.2 is vulnerable to Cross Site Scripting XSS via /vam/vamep.php...

5.9AI score0.0023EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/01/13 12:0 a.m.3 views

Selesta Visual Access Manager 安全漏洞

Selesta Visual Access Manager is a visual access manager from Selesta. Selesta Visual Access Manager suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in /common/vamSql.php. An attacker can exploit this vulnerability to perform...

5.4CVSS8AI score0.00235EPSS
Exploits0References1
cve
cve
added 2025/01/13 12:0 a.m.33 views

CVE-2023-42236

The CVE-2023-42236 issue affects Selesta Visual Access Manager (VAM) before version 4.42.2. Multiple sources describe an authenticated SQL Injection in the GET parameter of /common/ajaxfunction.php, caused by lack of input validation. Impact is shown as potential exposure of database data due to ...

3.8CVSS7.9AI score0.00315EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder