Lucene search
+L
AcewareAceweb Online Portal

5 matches found

CVE
CVE
added 2022/05/27 6:29 p.m.79 views

CVE-2022-24239

CVE-2022-24239 affects ACEweb Online Portal 3.5.065, with an unrestricted file upload vulnerability via attachments.awp. The vulnerability is documented across multiple sources (NVD, Red Hat, PRION, CNNVD, CVE list) and is rated with a high/critical impact (CVSS v3.1 base score 9.8, network attac...

9.8CVSS9.5AI score0.00973EPSS
CVE
CVE
added 2022/05/27 6:29 p.m.71 views

CVE-2022-24238

CVE-2022-24238 affects ACEweb Online Portal 3.5.065. The vulnerability is a Cross-Site Scripting (XSS) issue in the txtNmName1 parameter of awp/person.awp, originating from insufficient input/output validation. Impact described in sources: client-side JavaScript execution could be possible. The C...

6.1CVSS6AI score0.0052EPSS
CVE
CVE
added 2022/05/27 6:29 p.m.70 views

CVE-2022-24240

CVE-2022-24240 concerns ACEweb Online Portal 3.5.065. Multiple connected sources confirm a SQL injection vulnerability in ACEweb Online Portal, triggered by the criteria parameter in the file showschedule.awp (also spelled showschedule/​showschedule in some records). The underlying issue is unval...

9.8CVSS9.8AI score0.00866EPSS
CVE
CVE
added 2022/05/27 6:29 p.m.65 views

CVE-2022-24241

ACEweb Online Portal 3.5.065 is affected by an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp. Root cause is an external file path/name handling issue that could affect confidentiality (per CVSS metrics), with CVSS v3.1 base score 7.5 (HIGH) ...

7.5CVSS7.5AI score0.00883EPSS
CVE
CVE
added 2022/05/27 6:29 p.m.55 views

CVE-2022-24581

CVE-2022-24581 affects ACEweb Online Portal 3.5.065. The issue allows unauthenticated users to trigger SMB hash disclosure by providing the UNC path of an external SMB share during file upload, causing the victim server to reveal the username and password hash of the ACEweb Online software user. ...

7.5CVSS7.5AI score0.00883EPSS