Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
backclick backclick 5.9.63 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-44001
An issue exists in BACKCLICK Professional 5.9.63. User authentication for accessing the CORBA back-end services can be bypassed.
Backclick Backclick 5.9.63
9.8
CVSSv3
CVE-2022-44000
An issue exists in BACKCLICK Professional 5.9.63. Due to an exposed internal communications interface, it is possible to execute arbitrary system commands on the server.
Backclick Backclick 5.9.63
9.8
CVSSv3
CVE-2022-44003
An issue exists in BACKCLICK Professional 5.9.63. Due to insufficient escaping of user-supplied input, the application is vulnerable to SQL injection at various locations.
Backclick Backclick 5.9.63
9.8
CVSSv3
CVE-2022-44006
An issue exists in BACKCLICK Professional 5.9.63. Due to improper validation or sanitization of upload filenames, an externally reachable, unauthenticated update function permits writing files outside the intended target location. Achieving remote code execution is possible, e.g....
Backclick Backclick 5.9.63
9.8
CVSSv3
CVE-2022-44004
An issue exists in BACKCLICK Professional 5.9.63. Due to insecure design or lack of authentication, unauthenticated attackers can complete the password-reset process for any account and set a new password.
Backclick Backclick 5.9.63
9.8
CVSSv3
CVE-2022-43999
An issue exists in BACKCLICK Professional 5.9.63. Due to exposed CORBA management services, arbitrary system commands can be executed on the server.
Backclick Backclick 5.9.63
8.8
CVSSv3
CVE-2022-44007
An issue exists in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an malicious user to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation.
Backclick Backclick 5.9.63
6.5
CVSSv3
CVE-2022-44008
An issue exists in BACKCLICK Professional 5.9.63. Due to improper validation, arbitrary local files can be retrieved by accessing the back-end Tomcat server directly.
Backclick Backclick 5.9.63
6.1
CVSSv3
CVE-2022-44002
An issue exists in BACKCLICK Professional 5.9.63. Due to insufficient output encoding of user-supplied data, the web application is vulnerable to cross-site scripting (XSS) at various locations.
Backclick Backclick 5.9.63
5.3
CVSSv3
CVE-2022-44005
An issue exists in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verification links, the newsletter sign-up functionality is vulnerable to the enumeration of subscribers' e-mail addresses. Furthermore, it is possible to subscribe and verify other person...
Backclick Backclick 5.9.63
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started