Kwoksys: >> Information Server >> 2.8.4 Security Vulnerabilities
An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks.
CVSS Score
4.9
EPSS Score
0.001
Published
2022-12-06
SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the (1) hardwareType, (2) hardwareStatus, or (3) hardwareLocation parameter in a search command.
CVSS Score
6.5
EPSS Score
0.01
Published
2013-10-11