5 matches found
CVE-2022-24239
CVE-2022-24239 affects ACEweb Online Portal 3.5.065, with an unrestricted file upload vulnerability via attachments.awp. The vulnerability is documented across multiple sources (NVD, Red Hat, PRION, CNNVD, CVE list) and is rated with a high/critical impact (CVSS v3.1 base score 9.8, network attac...
CVE-2022-24238
CVE-2022-24238 affects ACEweb Online Portal 3.5.065. The vulnerability is a Cross-Site Scripting (XSS) issue in the txtNmName1 parameter of awp/person.awp, originating from insufficient input/output validation. Impact described in sources: client-side JavaScript execution could be possible. The C...
CVE-2022-24240
CVE-2022-24240 concerns ACEweb Online Portal 3.5.065. Multiple connected sources confirm a SQL injection vulnerability in ACEweb Online Portal, triggered by the criteria parameter in the file showschedule.awp (also spelled showschedule/showschedule in some records). The underlying issue is unval...
CVE-2022-24241
ACEweb Online Portal 3.5.065 is affected by an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp. Root cause is an external file path/name handling issue that could affect confidentiality (per CVSS metrics), with CVSS v3.1 base score 7.5 (HIGH) ...
CVE-2022-24581
CVE-2022-24581 affects ACEweb Online Portal 3.5.065. The issue allows unauthenticated users to trigger SMB hash disclosure by providing the UNC path of an external SMB share during file upload, causing the victim server to reveal the username and password hash of the ACEweb Online software user. ...