Mobatime: Security Vulnerabilities
Anonymous user may get the list of existing users managed by the application, that could ease further attacks (see CVE-2023-3065 and 3066)This issue affects Mobatime mobile application AMXGT100 through 1.3.20.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-06-05
Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows Authentication Bypass.This issue affects Mobatime mobile application AMXGT100 through 1.3.20.
CVSS Score
9.1
EPSS Score
0.001
Published
2023-06-05
Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administratorsThis issue affects Mobatime mobile application AMXGT100: through 1.3.20.
CVSS Score
8.1
EPSS Score
0.001
Published
2023-06-05
Unrestricted Upload of File with Dangerous Type vulnerability in Mobatime web application (Documentary proof upload modules) allows a malicious user to Upload a Web Shell to a Web Server.This issue affects Mobatime web application: through 06.7.22.
CVSS Score
8.1
EPSS Score
0.001
Published
2023-06-02
Incorrect Authorization vulnerability in Mobatime web application allows Privilege Escalation, Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobatime web application: through 06.7.22.
CVSS Score
6.8
EPSS Score
0.001
Published
2023-06-02