Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lfi vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2022-45924
An issue exists in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint itemtemplate.createtemplate2 allows a low-privilege user to delete arbitrary files on the server's local filesystem.
Opentext Opentext Extended Ecm
7.5
CVSSv3
CVE-2022-45925
An issue exists in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remote_adde and se...
Opentext Opentext Extended Ecm
8.8
CVSSv3
CVE-2022-45928
A remote OScript execution issue exists in OpenText Content Suite Platform 22.1 (16.2.19.1803). Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and execute...
Opentext Opentext Extended Ecm
8.8
CVSSv3
CVE-2022-45926
An issue exists in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports.
Opentext Opentext Extended Ecm
7.5
CVSSv3
CVE-2020-14864
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with...
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Business Intelligence 5.5.0.0.0
8.8
CVSSv3
CVE-2019-11590
The 10Web Form Maker plugin prior to 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['...
10web Form Maker
5.4
CVSSv3
CVE-2022-44012
An issue exists in /DS/LM_API/api/SelectionService/InsertQueryWithActiveRelationsReturnId in Simmeth Lieferantenmanager prior to 5.6. An attacker can execute JavaScript code in the browser of the victim if a site is loaded. The victim's encrypted password can be stolen and m...
Simmeth Lieferantenmanager
9.1
CVSSv3
CVE-2022-44013
An issue exists in Simmeth Lieferantenmanager prior to 5.6. An attacker can make various API calls without authentication because the password in a Credential Object is not checked.
Simmeth Lieferantenmanager
6.5
CVSSv3
CVE-2022-44014
An issue exists in Simmeth Lieferantenmanager prior to 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via /DS/LM_API/api/SelectionService/GetPaggedTab.
Simmeth Lieferantenmanager
9.8
CVSSv3
CVE-2022-44015
An issue exists in Simmeth Lieferantenmanager prior to 5.6. An attacker can inject raw SQL queries. By activating MSSQL features, the attacker is able to execute arbitrary commands on the MSSQL server via the xp_cmdshell extended procedure.
Simmeth Lieferantenmanager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »