Lucene search

Aceware Security Vulnerabilities

cve

CVE-2022-24238

ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in...

6.1CVSS

6AI Score

0.001EPSS

2022-06-02 02:15 PM

cve

CVE-2022-24240

ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in...

9.8CVSS

9.8AI Score

0.002EPSS

2022-06-02 02:15 PM

cve

CVE-2022-24239

ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via...

9.8CVSS

9.5AI Score

0.002EPSS

2022-06-02 02:15 PM

cve

CVE-2022-24241

ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in...

7.5CVSS

7.5AI Score

0.001EPSS

2022-06-02 02:15 PM

cve

CVE-2022-24581

ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online...

7.5CVSS

7.6AI Score

0.001EPSS

2022-06-02 02:15 PM