Lucene search
K
BadgermeterMonitool

4 matches found

CVE
CVE
added 2024/03/12 3:26 p.m.84 views

CVE-2024-1302

CVE-2024-1302 affects Badger Meter Monitool up to version 4.6.3 and earlier. The vulnerability allows a local attacker to manipulate the application’s file parameter to point to a log file, leading to exposure of sensitive data such as database credentials. Documents consistently describe an info...

7.3CVSS6.8AI score0.00488EPSS
CVE
CVE
added 2024/03/12 3:24 p.m.61 views

CVE-2024-1301

CVE-2024-1301 describes an SQL injection in Badger Meter Monitool affecting versions 4.6.3 and earlier. The vulnerability arises from allowably crafting input sent to the server via the j_username parameter, enabling a remote attacker to retrieve information stored in the database. Multiple conne...

9.8CVSS9.6AI score0.02165EPSS
CVE
CVE
added 2024/03/12 3:31 p.m.58 views

CVE-2024-1304

CVE-2024-1304 affects Badger Meter Monitool up to version 4.6.3 and earlier. The vulnerability is a cross-site scripting issue allowing a remote attacker to deliver a crafted JavaScript payload to an authenticated user, potentially hijacking the user’s browser session (partial impact on integrity...

6.3CVSS6AI score0.00669EPSS
CVE
CVE
added 2024/03/12 3:28 p.m.56 views

CVE-2024-1303

CVE-2024-1303 affects Badger Meter Monitool prior to 4.6.3. The root cause is an incorrect restriction that allows path traversal in the download-file function, enabling an authenticated attacker to retrieve arbitrary files from the device. Affected component: Monitool on compatible Badger Meter ...

6.5CVSS6.2AI score0.01041EPSS