A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.04.1 allows remote authenticated attackers to execute arbitrary SQL commands via the TASKS_LIST__pt.querystring parameter.
8.8CVSS
8.8AI Score
0.001EPSS
A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.10.21 allows remote authenticated attackers to execute arbitrary SQL commands via the TPF_XPAR1 parameter.
8.8CVSS
8.8AI Score
0.001EPSS
A SQL injection vulnerability in the qm_adm/qm_export_stats_run.do endpoint of Loway QueueMetrics before 19.10.21 allows remote authenticated users to execute arbitrary SQL commands via the exportId parameter.
8.8CVSS
8.8AI Score
0.001EPSS
6.1CVSS
6.2AI Score
0.0005EPSS
Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
4.3CVSS
4.7AI Score
0.0005EPSS
7.5CVSS
5.3AI Score
0.001EPSS