Teamplus: Security Vulnerabilities
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access them.
CVSS Score
4.9
EPSS Score
0.001
Published
2024-10-14
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete database contents.
CVSS Score
9.8
EPSS Score
0.005
Published
2024-10-14
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-10-14
Teamplus Pro community discussion function has an ‘allocation of resource without limits or throttling’ vulnerability. A remote attacker with general user privilege posting a thread with large content can cause the receiving client device to allocate too much memory, leading to abnormal termination of this client’s Teamplus Pro application.
CVSS Score
7.7
EPSS Score
0.004
Published
2022-08-02
Teamplus Pro community discussion has an ‘allocation of resource without limits or throttling’ vulnerability on thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to missing partial post content and disrupt partial service.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-08-02
A remote attacker with general user privilege can send a message to Teamplus Pro’s chat group that exceeds message size limit, to terminate other recipients’ Teamplus Pro chat process.
CVSS Score
7.7
EPSS Score
0.003
Published
2022-07-20