Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sparkdevnetwork rock rms vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-18642
Rock RMS version prior to 8.6 is vulnerable to account takeover by tampering with the user ID parameter in the profile update feature. The lack of validation and use of sequential user IDs allows any user to change account details of any other user. This vulnerability could be us...
Sparkdevnetwork Rock Rms
9.8
CVSSv3
CVE-2019-18641
Rock RMS prior to 1.8.6 mishandles vCard access control within the People/GetVCard/REST controller.
Sparkdevnetwork Rock Rms
9.8
CVSSv3
CVE-2019-18643
Rock RMS versions prior to 8.10 and versions 9.0 up to and including 9.3 fails to properly validate files uploaded in the application. The only protection mechanism is a file-extension blacklist that can be bypassed by adding multiple spaces and periods after the file name. This ...
Sparkdevnetwork Rock Rms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started