Shodan
Vulnerabilities
Vulnerable Software
Advantech:  >> Webaccess/vpn  >> 1.0.1  Security Vulnerabilities
CVE-2025-34239
Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated system administrator to execute arbitrary commands as the web server user (www-data) by supplying a crafted uploaded filename.
CVSS Score
8.6
EPSS Score
0.001
Published
2025-11-06
CVE-2025-34240
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information.
CVSS Score
8.6
EPSS Score
0.0
Published
2025-11-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved