Vulnerabilities (CVE)

Filtered by vendor Aceware Subscribe
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-24581 1 Aceware 1 Aceweb Online Portal 2024-11-21 5.0 MEDIUM 7.5 HIGH
ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software.
CVE-2022-24241 1 Aceware 1 Aceweb Online Portal 2024-11-21 5.0 MEDIUM 7.5 HIGH
ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp.
CVE-2022-24240 1 Aceware 1 Aceweb Online Portal 2024-11-21 7.5 HIGH 9.8 CRITICAL
ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp.
CVE-2022-24239 1 Aceware 1 Aceweb Online Portal 2024-11-21 7.5 HIGH 9.8 CRITICAL
ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp.
CVE-2022-24238 1 Aceware 1 Aceweb Online Portal 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp.