Advantech: >> Webaccess/vpn Security Vulnerabilities
Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated system administrator to execute arbitrary commands as the web server user (www-data) by supplying a crafted uploaded filename.
CVSS Score
7.2
EPSS Score
0.002
Published
2025-11-06
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-06
Page 2