4 matches found
CVE-2021-27233
Mutare Voice (EVM) 3.x before 3.3.8 has an information disclosure on the admin portal Settings.asp where password information for external systems is visible in cleartext. Affected component: admin UI/settings page. Root cause: cleartext exposure of credentials in the admin portal. Impact: confid...
CVE-2021-27235
Mutare Voice (EVM) 3.x before 3.3.8 contains an insecure admin-portal export at diagzip.asp that allows unauthenticated users to export database tables. Root cause is a misconfigured export function without proper access controls, enabling potential data disclosure. Affected product: Mutare Voice...
CVE-2021-27236
Mutare Voice (EVM) 3.x before 3.3.8 is affected. The issue is an Unauthenticated Local File Inclusion via getfile.asp that can be leveraged to achieve Remote Code Execution. Affected component: getfile.asp in Mutare Voice; root cause: unauthenticated LFI. Impact: allows remote code execution with...
CVE-2021-27234
Mutare Voice (EVM) 3.x before 3.3.8 contains an SQL injection vulnerability in the web application, affecting Adminlog.asp, Archivemsgs.asp, Deletelog.asp, Eventlog.asp, and Evmlog.asp. The issue is caused by unsafe SQL query construction in the vulnerable pages. The connected sources do not prov...