6.7
CVE-2023-29122 - Incorrect file ownership of privileged service's libraries in Enel X JuiceBox
Under certain conditions, access to service libraries is granted to accounts that should not have access to them.
9.6
CVE-2023-29121 - Exposed TCF agent service in Enel X JuiceBox
Waybox Enel TCF Agent service could be used to get administrator’s privileges over the Waybox system.
9.6
CVE-2023-29120 - Unauthorized Remote Command Execution in Enel X JuiceBox
Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system.
9.6
CVE-2023-29119 - Unauthorized SQLite Injection
Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/dbstore.php.
9.6
CVE-2023-29118 - Unauthorized SQLite Injection in Enel X JuiceBox
Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/versions.php.
8.8
CVE-2023-29117 - Authentication Bypass in JuiceBox Web Manager interface
Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system.
4.3
CVE-2023-29116 - PHP Information Disclosure in Enel X JuiceBox
Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained.
6.5
CVE-2023-29115 - Denial of Service via Web Management interface in Enel X JuiceBox
Under certain conditions, a request directed to the Waybox Enel X web management application could cause a denial of service (e.g. reboot).
5.7
CVE-2023-29114 - Unauthorized System Log Disclosure in Enel X JuiceBox
System logs could be accessed through the web management application due to a lack of access control. An attacker can obtain the following sensitive information:
• Wi-Fi access point credentials to which the EV charger can connect.
• APN web address and credentials.
• IPSEC credentials…
6.9
CVE-2024-10845 - 1000 Projects Bookstore Management System book_detail.php sql injection
A vulnerability has been found in 1000 Projects Bookstore Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file book_detail.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been dis…