15 matches found
CVE-2018-5329
ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) on /CWEBNET/ authenticated pages. A successful CSRF attack can force the user to modify state: creating users, changing an email address, and so forth. If the victim is an administrative account, CSRF can...
Code injection
ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details...
CVE-2018-5329
ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) on /CWEBNET/ authenticated pages. A successful CSRF attack can force the user to modify state: creating users, changing an email address, and so forth. If the victim is an administrative account, CSRF can...
Cross-site request forgery (CSRF)
ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) on /CWEBNET/ authenticated pages. A successful CSRF attack can force the user to modify state: creating users, changing an email address, and so forth. If the victim is an administrative account, CSRF can...
CVE-2018-5328
ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details...
CVE-2018-5328
ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details...
CVE-2018-5328
CVE-2018-5328 affects ZUUSE BEIMS ContractorWeb .NET 5.18.0.0. The vulnerability allows access to multiple /UserManagement/ privileged modules without user authentication, enabling an attacker to perform unauthorized actions (demonstrated by editing user details). The root cause is insufficient a...
CVE-2018-5329
ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) on /CWEBNET/ authenticated pages. A successful CSRF attack can force the user to modify state: creating users, changing an email address, and so forth. If the victim is an administrative account, CSRF can...
CVE-2018-5329
CVE-2018-5329 concerns ZUUSE BEIMS ContractorWeb .NET 5.18.0.0, with a CSRF vulnerability on authenticated "/CWEBNET/" pages. The root cause is cross-site request forgery that can force state-changing actions such as creating users or changing an email, potentially compromising the web applicatio...
ZUUSE BEIMS ContractorWeb .NET SQL Injection Vulnerability
ZUUSE BEIMS ContractorWeb .NET is a suite of infrastructure management software from ZUUSE Australia. A SQL injection vulnerability exists in CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET version 5.18.0.0. A remote attacker could exploit this vulnerability to compromise a database or...
CVE-2017-17721
CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter...
SQL injection
CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter...
CVE-2017-17721
CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter...
CVE-2017-17721
CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter...
CVE-2017-17721
CVE-2017-17721 describes an SQL injection vulnerability in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0, specifically in WEBNET/WOSummary/List (CWEBNET/WOSummary/List). The underlying issue allows injection via multiple parameters: tradestatus, assetno, assignto, building, domain, jobtype, site, trade...