16 matches found
CVE-2024-2588
CVE-2024-2588 concerns AMSS++ v4.31 with an SQL injection in the /amssplus/admin/index.php endpoint via the id parameter. Exploitation could allow a remote attacker to craft SQL queries and retrieve data from the database. The connected sources consistently describe the vulnerability as SQLi in t...
CVE-2024-2597
AMSS++ 4.31 is affected by an XSS vulnerability in the /amssplus/modules/book/main/bookdetail_school_person.php endpoint, via the b_id parameter. The issue arises from insufficient encoding of user-controlled input, allowing a remote attacker to craft a URL that could be delivered to an authentic...
CVE-2024-2591
CVE-2024-2591 affects AMSS++ 4.31. The AMSS++ web endpoint /amssplus/modules/book/main/bookdetail_group.php is vulnerable to SQL injection via multiple parameters, enabling remote attackers to craft queries that can extract data from the database. The available documents consistently describe the...
CVE-2024-2598
CVE-2024-2598 affects AMSS++ version 4.31, with a Cross-Site Scripting (XSS) vulnerability due to insufficient encoding of user-controlled input in multiple parameters of the /amssplus/modules/book/main/select_send_2.php endpoint. Exploitation could allow a remote attacker to lure an authenticate...
CVE-2024-2589
AMSS++ 4.31 is affected by an SQL injection in the endpoint /amssplus/modules/book/main/bookdetail_school_person.php across multiple parameters. Remote attackers could craft queries to retrieve information from the database. The sources describe the vulnerability and general impact but do not pro...
CVE-2024-2595
AMSS++ 4.31 is affected by an XSS vulnerability in the bookdetail_khet_person.php endpoint, via the b_id parameter in /amssplus/modules/book/main/. The issue arises from insufficient encoding of user-controlled input, enabling an attacker to craft a URL that, when visited by an authenticated user...
CVE-2024-2596
AMSS++ 4.31 is affected by a Cross-Site Scripting (XSS) vulnerability in multiple parameters of the /amssplus/modules/mail/main/select_send.php endpoint due to insufficient encoding of user-supplied input. This could allow a remote attacker to supply a crafted URL to an authenticated user and ste...
CVE-2024-2592
CVE-2024-2592 affects AMSS++ v4.31. The person_id parameter of the /amssplus/modules/person/pic_show.php endpoint is vulnerable to SQL injection, which could allow an attacker to retrieve the database contents. The root cause is an injectable parame...
CVE-2024-2594
AMSS++ 4.31 is affected by a Cross-Site Scripting (XSS) vulnerability due to insufficient encoding of user-controlled input in multiple parameters on /amssplus/admin/index.php. Root cause: input is not properly encoded, enabling a remote attacker to craft a URL that, when visited by an authentica...
CVE-2024-2599
CVE-2024-2599 concerns AMSS++ 4.31 with a file upload restriction evasion vulnerability. Affected component: AMSS++ web upload handling; root cause described as bypassing upload restrictions, enabling an authenticated user to potentially obtain remote code execution via a webshell, compromising t...
CVE-2024-2590
AMSS++ 4.31 is affected by an SQL injection in the sd_index parameter of /amssplus/modules/mail/main/select_send.php. The issue allows a remote attacker to craft SQL queries to the database and exfiltrate data. Several connected sources (including PT-2024-21192 and CVE records) corroborate the vu...
CVE-2024-2584
CVE-2024-2584 affects AMSS++ version 4.31. Affected component: the web path /amssplus/modules/book/main/select_send.php, parameter sd_index. Underlying issue: SQL injection vulnerability that could allow a remote attacker to craft a query and retrieve data from the database. Impact as stated: hi...
CVE-2024-2593
Summary: CVE-2024-2593 affects AMSS++ 4.31 and is caused by insufficient encoding in the b_id parameter of /amssplus/modules/book/main/bookdetail_group.php, enabling an XSS vulnerability. A remote attacker can lure an authenticated user to a crafted URL to steal session cookie credentials. The co...
CVE-2024-2585
CVE-2024-2585 affects AMSS++ v4.31. The vulnerability is an SQL injection via the sd_index parameter in /amssplus/modules/book/main/select_send_2.php, allowing a remote attacker to craft queries and potentially retrieve all data from the database. Public documents consistently describe this as a ...
CVE-2024-2586
AMSS++ v4.31 is affected by CVE-2024-2586 due to an SQL injection in the username parameter of /amssplus/index.php, allowing an attacker to craft a query to retrieve data from the database. The vulnerability is network-based with low exploit complexity, and the impact is on confidentiality (high)...
CVE-2024-2587
AMSS++ 4.31 is affected by a SQL injection vulnerability in the page /amssplus/modules/book/main/bookdetail_khet_person.php, exploitable via multiple parameters. The weakness could allow a remote attacker to send crafted SQL payloads and retrieve information stored in the database. The CVE entry ...