CVE-2023-42243

Medium CVSS: 5.4

In Selesta Visual Access Manager < 4.42.2, an authenticated user can access the administrative page /common/vam_Sql.php, which allows for arbitrary SQL queries.

Vendor

Seling

Product

Visual Access Manager

CWE

CWE-89

Yayın Tarihi

2025-01-13 22:15:12

Güncelleme

2025-04-17 16:34:49

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-89 Visual Access Manager MEDIUM Seling 2025

Referanslar

https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md

Benzer Kayıtlar

Medium

CVE-2023-42246

Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /vam/vam_ep.php.

Medium

CVE-2023-42247

Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_monitor_map.php.

Medium

CVE-2023-42248

An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can write arbi…

Medium

CVE-2023-42249

Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via vam/vam_visits.php.

Medium

CVE-2023-42250

Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /common/autocomplete.php.

Low

CVE-2023-42238

An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQ…