Filtered by vendor Myq-solution
Subscribe
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-22076 | 1 Myq-solution | 1 Print Server | 2024-02-28 | N/A | 9.8 CRITICAL |
| MyQ Print Server before 8.2 patch 43 allows remote authenticated administrators to execute arbitrary code via PHP scripts that are reached through the administrative interface. | |||||
| CVE-2023-27107 | 1 Myq-solution | 2 Central Server, Print Server | 2024-02-28 | N/A | 8.8 HIGH |
| Incorrect access control in the runReport function of MyQ Solution Print Server before 8.2 Patch 32 and Central Server before 8.2 Patch 22 allows users who do not have appropriate access rights to generate internal reports using a direct URL. | |||||
| CVE-2021-31769 | 1 Myq-solution | 1 Myq Server | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The "Select server file" feature is only intended for administrators but actually does not require authorization. An attacker can inject arbitrary OS commands (such as commands to create new .php files) via the Task Scheduler component. | |||||