
Tag

#sql

Human Resource Management System 2024 1.0 SQL Injection

Human Resource Management System 2024 version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Packet Storm
#sql #vulnerability #windows #google #php #auth #firefox

Hotel Management System 1.0 SQL Injection

Hotel Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

GHSA-75jf-52jg-qqh4: SQL injection in github.com/stashapp/stash

Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter.

Siemens INTRALOG WMS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY

CVSS v4 8.8
ATTENTION: Exploitable from adjacent network/low attack complexity
Vendor: Siemens
Equipment: INTRALOG WMS
Vulnerabilities: Cleartext Transmission of Sensitive Information, Heap-based Buffer Overflow

2. RISK EVALUATION

Successful exploitation could allow an unauthenticated attacker located in the INTRALOG WMS network to decrypt and modify client-server communication, or potentially execute arbitrary code on the application servers.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Siemens INTRALOG WMS are affected:

Siemens INTRALOG WMS: Versions prior to V4

3.2 Vulnerability Overview

3.2.1 CLEARTEXT TRANSMISSION OF...