26 matches found
CVE-2019-19994
The CVE-2019-19994 entry concerns Selesta Visual Access Manager (VAM) versions 4.15.0 through 4.29. It describes a vulnerability in the PHP page /common/vam_monitor_sap.php that allows blind command injection. The issue can be exploited by an attacker without authentication to execute arbitrary o...
CVE-2023-50811
SELESTA Visual Access Manager 4.38.6 is affected by CVE-2023-50811. The vulnerability allows an attacker to modify the POST parameter named “computer” that encodes the ID of a specific reception via HTTP POST interception. By iterating this parameter, an attacker can gain access to the applicatio...
CVE-2019-19991
CVE-2019-19991 concerns Selesta Visual Access Manager (VAM) versions 4.15.0 through 4.29, where multiple reflected XSS flaws are exploitable by remote authenticated users. The vulnerabilities affect specific web pages: /vam/vam_anagraphic.php, /vam/vam_vamuser.php, /common/vamp_main.php, and /wiz...
CVE-2019-19992
The CVE refers to Selesta Visual Access Manager (VAM) versions 4.15.0 through 4.29. The vulnerability arises from /common/vam_editXml.php not validating the file-name parameter, allowing an authenticated user to read arbitrary XML files from the server filesystem via the web interface. This is a ...
CVE-2023-42245
CVE-2023-42245 affects Selesta Visual Access Manager versions prior to 4.42.2. The vulnerability is a Cross-Site Scripting (XSS) issue reachable via the monitor/s_scheduledfile.php endpoint. The available connected documents consistently identify the affected component and the vulnerable file pat...
CVE-2019-19988
The CVE-2019-19988 issue affects Selesta Visual Access Manager (VAM) versions 4.15.0–4.29. An authenticated user can create and write arbitrary files on the filesystem via the web interface, by manipulating the file name, destination path, or extension in /common/vam_editXml.php. The vulnerable p...
CVE-2023-42244
Selesta Visual Access Manager (VAM) prior to 4.42.2 is affected by CVE-2023-42244 due to a SQL Injection vulnerability in multiple POST parameters of /vam/vam_visits.php. An authenticated attacker with LOW privileges and no user interaction can exploit this to impact confidentiality, integrity, a...
CVE-2019-19986
The CVE-2019-19986 entry affects Selesta Visual Access Manager (VAM) versions 4.15.0 through 4.29. An unauthenticated attacker can inject the persoid parameter in /tools/VamPersonPhoto.php to execute arbitrary SQL SELECT statements. The vulnerability is described as error-based SQL injection. Pub...
CVE-2019-19990
CVE-2019-19990 concerns a stored XSS vulnerability in Selesta Visual Access Manager (VAM) versions 4.15.0 through 4.29. The issue enables remote authenticated users to inject arbitrary web script/HTML via the pages /monitor/s_headmodel.php and /vam/vam_user.php, due to lack of proper validation ...
CVE-2023-42250
CVE-2023-42250 concerns Selesta Visual Access Manager versions prior to 4.42.2. The vulnerability is a Cross-Site Scripting (XSS) flaw that can be triggered via the endpoint /common/autocomplete.php due to inadequate input handling. Several sources corroborate an XSS risk, with the root cause des...
CVE-2019-19993
Selesta Visual Access Manager (VAM) 4.15.0–4.29.x contains a full path disclosure vulnerability. An unauthenticated attacker can send arbitrary content to vulnerable pages, causing error messages that reveal full filesystem paths. Impact described as confidentiality exposure (partial). Root cause...
CVE-2019-19987
CVE-2019-19987 affects Selesta Visual Access Manager (VAM) versions 4.15.0 through 4.29.0. The vulnerability is a Cross-Site Request Forgery (CSRF) in the web application’s handling of HTML forms, allowing an attacker to abuse functions such as change password, add user, and add privilege. Root c...
CVE-2023-42246
CVE-2023-42246 concerns Selesta Visual Access Manager versions before 4.42.2. The vulnerability is a Cross-Site Scripting (XSS) flaw exploitable via the /vam/vam_ep.php endpoint. Impact details are limited to XSS with no exploit conditions provided; CVSS v3.1 base score 6.1 (MEDIUM). Affected/fix...
CVE-2023-42247
Selesta Visual Access Manager prior to version 4.42.2 is documented as vulnerable to cross-site scripting (XSS) via the endpoint monitor/s_monitor_map.php. The CVE-2023-42247 entry notes a CVSS v3.1 base score of 6.1 (Medium) with privileges required: None and user interaction required, affecting...
CVE-2023-42249
CVE-2023-42249 affects Selesta Visual Access Manager prior to version 4.42.2. The vulnerability is a Cross Site Scripting (XSS) in the vam_visits.php endpoint. Affected versions are
CVE-2019-19989
Selesta Visual Access Manager (VAM) versions 4.15.0–4.29 contain an unauthorized access issue where several PHP pages and other file types are reachable without checking user identity or authorization. Root cause: lack of access checks on these pages. Impact: potential exposure of PHP pages or fi...
CVE-2023-42237
Selesta Visual Access Manager (VAM) prior to 4.42.2 is affected by a SQL Injection vulnerability in multiple GET parameters of /vam/vam_i_command.php. The issue requires authentication and is described as an injectable condition in GET parameters, with the CVE noting a low base score (3.8/10) und...
CVE-2023-42240
CVE-2023-42240 affects Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can trigger a SQL injection in multiple POST parameters of /monitor/s_scheduledfile.php. The connected sources consistently describe the issue as an authenticated SQL injection vulnerability in t...
CVE-2023-42238
CVE-2023-42238 affects Selesta Visual Access Manager (VAM). An authenticated attacker can exploit a SQL Injection in multiple POST parameters of the endpoint /vam/vam_eps.php. Affected versions are prior to 4.42.2. The issue is mitigated by upgrading to version 4.42.2 or later; as an interim meas...
CVE-2023-42239
CVE-2023-42239 affects Selesta Visual Access Manager (VAM) prior to version 4.42.2. Multiple connected sources confirm an authenticated SQL Injection vulnerability in POST parameters of the /vam/vam_ep.php endpoint. The issue arises from improper handling/validation of input, enabling an attacker...
CVE-2023-42243
In Selesta Visual Access Manager, versions prior to 4.42.2 are affected. An authenticated user can access the administrative page /common/vam_Sql.php and execute arbitrary SQL queries due to lack of validation of externally entered SQL statements. The impact is potential data exposure or modifica...
CVE-2023-42235
CVE-2023-42235 concerns Selesta Visual Access Manager (VAM) prior to 4.42.2. The issue is an authenticated SQL injection vulnerability in multiple parameters of the /monitor/s_normalizedtrans.php endpoint. Affected software: Selesta Visual Access Manager (VAM); vulnerable component: the /monitor/...
CVE-2023-42241
Vulnerability summary: Selesta Visual Access Manager (VAM) prior to 4.42.2 contains a SQL injection in multiple POST parameters of /vam/vam_anagraphic.php (authenticated access required). This is confirmed across multiple sources (Red Hat advisory, CVE entries, CNVD, CNNVD, CIRCL). Affected versi...
CVE-2023-42248
CVE-2023-42248 affects Selesta Visual Access Manager (VAM) prior to version 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page common/vam_Sql.php. The vulnerability is demonstrated across multiple sources (e.g., Red Hat, CNNVD, CVE databases) a...
CVE-2023-42236
The CVE-2023-42236 issue affects Selesta Visual Access Manager (VAM) before version 4.42.2. Multiple sources describe an authenticated SQL Injection in the GET parameter of /common/ajaxfunction.php, caused by lack of input validation. Impact is shown as potential exposure of database data due to ...
CVE-2023-42242
CVE-2023-42242 affects Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL injection in the GET parameter of /monitor/s_terminal.php, potentially impacting confidentiality and integrity (per CVSS: Low impact) without affecting availability. Affected vers...