8.8
CVE-2022-50590 - SuiteCRM < 7.12.6 Type Confusion via 'deleteAttachment' Functionality
SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of the…
9.3
CVE-2022-50589 - SuiteCRM < 7.12.6 SQL Injection via 'export' Functionality
SuiteCRM versions prior to 7.12.6 contain a SQL injection vulnerability within the processing of the ‘uid’ parameter within the ‘export’ functionality. Successful exploitation allows remote unauthenticated attackers to ultimately execute arbitrary code.
9.3
CVE-2022-50596 - D-Link DIR-1260 <= v1.20B05 GetDeviceSettings Unauthenticated Command Injection
D-Link DIR-1260 Wi-Fi router firmware versions up to and including v1.20B05 contain a command injection vulnerability within the web management interface that allows for unauthenticated attackers to execute arbitrary commands on the device with root privileges. The flaw specifically exists within t…
9.3
CVE-2022-50595 - Advantech iView < v5.7.04 Build 6425 ztp_search_value Parameter SQL Injection RCE
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_search_value’ parameter to the ‘NetworkServlet’ endpoint. Successful …
8.8
CVE-2022-50591 - Advantech iView < v5.7.04 Build 6425 ztp_config_id Parameter SQL Injection Information Disclosure
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_config_id’ parameter to the ‘NetworkServlet’ endpoint. Successful exp…
9.3
CVE-2022-50593 - Advantech iView < v5.7.04 Build 6425 search_term Parameter SQL Injection RCE
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘search_term’ parameter to the ‘NetworkServlet’ endpoint. Successful explo…
9.3
CVE-2022-50592 - Advantech iView < v5.7.04 Build 6425 getInventoryReportData Parameter SQL Injection RCE
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint. Succe…
8.8
CVE-2022-50594 - Advantech iView < v5.7.04 Build 6425 data Parameter SQL Injection Information Disclosure
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘data’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation…
5.1
CVE-2025-34247 - Advantech WebAccess/VPN < 1.1.5 SQL Injection via NetworksController.addNetworkAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in NetworksController.addNetworkAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information.
5.3
CVE-2025-34246 - Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxPrevalidationController.ajaxAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxPrevalidationController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information.