Show filters
3 Total Results
Displaying 1-3 of 3
Sort by:
Attacker Value
Unknown

CVE-2022-23167

Disclosure Date: June 09, 2022 (last updated October 07, 2023)
Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../.. /windows/boot.ini the LFI is UNAUTHENTICATED.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-23169

Disclosure Date: June 09, 2022 (last updated February 23, 2025)
attacker needs to craft a SQL payload. the vulnerable parameter is "agentid" must be authenticated to the admin panel.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-23168

Disclosure Date: June 09, 2022 (last updated February 23, 2025)
The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin'--
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0