Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2024
CVE-2024-2586
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/index.php, in the 'username' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.
CVSS Score
8.2
EPSS Score
0.0
Published
2024-03-18
CVE-2024-2587
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_khet_person.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.
CVSS Score
8.2
EPSS Score
0.0
Published
2024-03-18
CVE-2024-2588
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/admin/index.php, in the 'id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.
CVSS Score
8.2
EPSS Score
0.0
Published
2024-03-18
CVE-2024-27772
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-78: 'OS Command Injection' may allow RCE
CVSS Score
8.8
EPSS Score
0.007
Published
2024-03-18
CVE-2024-27773
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-348: Use of Less Trusted Source may allow RCE
CVSS Score
8.8
EPSS Score
0.001
Published
2024-03-18
CVE-2024-27774
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware
CVSS Score
7.5
EPSS Score
0.001
Published
2024-03-18
CVE-2024-28537
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page parameter of fromNatStaticSetting function.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-03-18
CVE-2024-27767
CWE-287: Improper Authentication may allow Authentication Bypass
CVSS Score
10.0
EPSS Score
0.0
Published
2024-03-18
CVE-2024-27768
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE
CVSS Score
9.8
EPSS Score
0.001
Published
2024-03-18
CVE-2024-27769
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor may allow Taking Ownership Over Devices
CVSS Score
8.8
EPSS Score
0.001
Published
2024-03-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved