Deltaww: Security Vulnerabilities
SQL injection vulnerability exists in GetDIAE_usListParameters.
CVSS Score
8.8
EPSS Score
0.088
Published
2024-04-01
Path traversal attack is possible and write outside of the intended directory and may access sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten.
CVSS Score
8.1
EPSS Score
0.007
Published
2024-03-21
SQL injection vulnerability exists in GetDIAE_astListParameters.
CVSS Score
8.8
EPSS Score
0.085
Published
2024-03-21
Improper neutralization of input within the affected product could lead to cross-site scripting.
CVSS Score
4.6
EPSS Score
0.003
Published
2024-03-21
It is possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.
CVSS Score
8.1
EPSS Score
0.006
Published
2024-03-21
SQL injection vulnerability exists in GetDIAE_unListParameters.
CVSS Score
8.8
EPSS Score
0.085
Published
2024-03-21
SQL injection vulnerability exists in GetDIAE_slogListParameters.
CVSS Score
8.8
EPSS Score
0.085
Published
2024-03-21
SQL injection vulnerability exists in the script Handler_CFG.ashx.
CVSS Score
8.8
EPSS Score
0.085
Published
2024-03-21
Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.
CVSS Score
8.8
EPSS Score
0.006
Published
2024-03-21
SQL injection vulnerability exists in the script DIAE_tagHandler.ashx.
CVSS Score
8.8
EPSS Score
0.085
Published
2024-03-21