Gplhost: >> Domain Technologie Control >> 0.29.10 Security Vulnerabilities
Multiple SQL injection vulnerabilities in Domain Technologie Control (DTC) before 0.32.9 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) admin/bw_per_month.php or (2) client/bw_per_month.php.
CVSS Score
7.5
EPSS Score
0.011
Published
2011-03-07
Domain Technologie Control (DTC) before 0.32.9 does not require authentication for (1) admin/bw_per_month.php and (2) client/bw_per_month.php, which allows remote attackers to obtain potentially sensitive bandwidth information via a direct request.
CVSS Score
5.0
EPSS Score
0.008
Published
2011-03-07
The register_user function in client/new_account_form.php in Domain Technologie Control (DTC) before 0.32.9 includes a cleartext password in an e-mail message, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
CVSS Score
5.0
EPSS Score
0.008
Published
2011-03-07
shared/inc/sql/ssh.php in the SSH accounts management implementation in Domain Technologie Control (DTC) before 0.32.9 allows remote authenticated users to delete arbitrary accounts via the edssh_account parameter in a deletesshaccount Delete action.
CVSS Score
4.0
EPSS Score
0.012
Published
2011-03-07
Page 2