Dsk Dsknet vulnerabilities
5 known vulnerabilities affecting dsk/dsknet.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2022-24688P2HIGHCVSS 8.8v2.16.136.0v2.17.136.52022-07-18
CVE-2022-24688 [HIGH] CWE-434 CVE-2022-24688: An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestrict
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestricted file upload (and consequently Remote Code Execution) via PDF upload with PHP content and a .php extension. The attacker must hijack or obtain privileged user access to the Parameters page in order to exploit this issue. (That can be easily achieved b
nvd
CVE-2022-24690P3HIGHCVSS 8.2v2.16.136.0v2.17.136.52022-07-18
CVE-2022-24690 [HIGH] CWE-89 CVE-2022-24690: An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A PresAbs.php SQL Injection vulnera
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A PresAbs.php SQL Injection vulnerability allows unauthenticated users to taint database data and extract sensitive information via crafted HTTP requests. The type of SQL Injection is blind boolean based. (An unauthenticated attacker can discover the endpoint by abusing a Broken Access Co
nvd
CVE-2022-24691P3HIGHCVSS 7.1v2.16.136.0v2.17.136.52022-07-18
CVE-2022-24691 [HIGH] CWE-89 CVE-2022-24691: An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A SQL Injection vulnerability allow
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A SQL Injection vulnerability allows authenticated users to taint database data and extract sensitive information via crafted HTTP requests. The type of SQL Injection is blind boolean based.
nvd
CVE-2022-24689P4MEDIUMCVSS 5.3v2.16.136.0v2.17.136.52022-07-18
CVE-2022-24689 [MEDIUM] CWE-307 CVE-2022-24689: An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control. This
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control. This allows a remote attacker to access account information pages (including personal data) without being authenticated. The collected information includes the badge numbers that operate as user login names. They have a PIN code. The PIN code is 4 digits an
nvd
CVE-2022-24692P4MEDIUMCVSS 5.4v2.16.136.0v2.17.136.52022-07-18
CVE-2022-24692 [MEDIUM] CWE-79 CVE-2022-24692: An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The new menu option within the gene
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The new menu option within the general Parameters page is vulnerable to stored XSS. The attacker can create a menu option, make it visible to every application user, and conduct session hijacking, account takeover, or malicious code delivery, with the final goal of achieving client-side
nvd