Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
simmeth lieferantenmanager vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-44013
An issue exists in Simmeth Lieferantenmanager prior to 5.6. An attacker can make various API calls without authentication because the password in a Credential Object is not checked.
Simmeth Lieferantenmanager
NA
CVE-2022-44014
An issue exists in Simmeth Lieferantenmanager prior to 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via /DS/LM_API/api/SelectionService/GetPaggedTab.
Simmeth Lieferantenmanager
NA
CVE-2022-44015
An issue exists in Simmeth Lieferantenmanager prior to 5.6. An attacker can inject raw SQL queries. By activating MSSQL features, the attacker is able to execute arbitrary commands on the MSSQL server via the xp_cmdshell extended procedure.
Simmeth Lieferantenmanager
NA
CVE-2022-44016
An issue exists in Simmeth Lieferantenmanager prior to 5.6. An attacker can download arbitrary files from the web server by abusing an API call: /DS/LM_API/api/ConfigurationService/GetImages with an '"ImagesPath":"C:\\"' value.
Simmeth Lieferantenmanager
NA
CVE-2022-44017
An issue exists in Simmeth Lieferantenmanager prior to 5.6. Due to errors in session management, an attacker can log back into a victim's account after the victim logged out - /LMS/LM/#main can be used for this. This is due to the credentials not being cleaned from the local...
Simmeth Lieferantenmanager
NA
CVE-2022-44012
An issue exists in /DS/LM_API/api/SelectionService/InsertQueryWithActiveRelationsReturnId in Simmeth Lieferantenmanager prior to 5.6. An attacker can execute JavaScript code in the browser of the victim if a site is loaded. The victim's encrypted password can be stolen and m...
Simmeth Lieferantenmanager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started