6 matches found
CVE-2023-21410
User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing forarbitrary code execution.
CVE-2023-21408
Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentialsthat are used in the integration interface towards 3rd party systems.
CVE-2023-21412
User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing forSQL injections.
CVE-2023-21407
A broken access control was found allowing for privileged escalation of the operator account to gainadministrator privileges.
CVE-2023-21411
User provided input is not sanitized in the “Settings > Access Control” configuration interface allowing forarbitrary code execution.
CVE-2023-21409
Due to insufficient file permissions, unprivileged users could gain access to unencrypted administratorcredentials allowing the configuration of the application.