cvebase

Dsk Dsknet vulnerabilities

5 known vulnerabilities affecting dsk/dsknet.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 2

Vulnerabilities

CVE-2022-24688 | P2 | HIGH | CVSS 8.8 | v2.16.136.0, v2.17.136.5 | 2022-07-18
[HIGH] CWE-434: An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestricted file upload (and consequently Remote Code Execution) via PDF upload with PHP content and a .php extension. The attacker must hijack or obtain privileged user access to the Parameters page in order to exploit this issue. (That can be easily achieved b
Source: NVD

CVE-2022-24690 | P3 | HIGH | CVSS 8.2 | v2.16.136.0, v2.17.136.5 | 2022-07-18
[HIGH] CWE-89: An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A PresAbs.php SQL Injection vulnerability allows unauthenticated users to taint database data and extract sensitive information via crafted HTTP requests. The type of SQL Injection is blind boolean based. (An unauthenticated attacker can discover the endpoint by abusing a Broken Access Co
Source: NVD

CVE-2022-24691 | P3 | HIGH | CVSS 7.1 | v2.16.136.0, v2.17.136.5 | 2022-07-18
[HIGH] CWE-89: An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A SQL Injection vulnerability allows authenticated users to taint database data and extract sensitive information via crafted HTTP requests. The type of SQL Injection is blind boolean based.
Source: NVD

CVE-2022-24689 | P4 | MEDIUM | CVSS 5.3 | v2.16.136.0, v2.17.136.5 | 2022-07-18
[MEDIUM] CWE-307: An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control. This allows a remote attacker to access account information pages (including personal data) without being authenticated. The collected information includes the badge numbers that operate as user login names. They have a PIN code. The PIN code is 4 digits an
Source: NVD

CVE-2022-24692 | P4 | MEDIUM | CVSS 5.4 | v2.16.136.0, v2.17.136.5 | 2022-07-18
[MEDIUM] CWE-79: An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The new menu option within the general Parameters page is vulnerable to stored XSS. The attacker can create a menu option, make it visible to every application user, and conduct session hijacking, account takeover, or malicious code delivery, with the final goal of achieving client-side
Source: NVD