Security Vulnerabilities - CVEs Published In March 2024
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_group.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.
CVSS Score
8.2
EPSS Score
0.0
Published
2024-03-18
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/person/pic_show.php, in the 'person_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.
CVSS Score
8.2
EPSS Score
0.0
Published
2024-03-18
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the firewallEn parameter of formSetFirewallCfg function.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-03-18
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.
CVSS Score
8.2
EPSS Score
0.0
Published
2024-03-18
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send_2.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.
CVSS Score
8.2
EPSS Score
0.0
Published
2024-03-18
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/index.php, in the 'username' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.
CVSS Score
8.2
EPSS Score
0.0
Published
2024-03-18
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_khet_person.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.
CVSS Score
8.2
EPSS Score
0.0
Published
2024-03-18
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/admin/index.php, in the 'id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.
CVSS Score
8.2
EPSS Score
0.0
Published
2024-03-18
Unitronics Unistream Unilogic – Versions prior to 1.35.227 -
CWE-78: 'OS Command Injection' may allow RCE
CVSS Score
8.8
EPSS Score
0.007
Published
2024-03-18
Unitronics Unistream Unilogic – Versions prior to 1.35.227 -
CWE-348: Use of Less Trusted Source may allow RCE
CVSS Score
8.8
EPSS Score
0.001
Published
2024-03-18