cbcvebase.

Globalnorthstar Northstar Club Management vulnerabilities

7 known vulnerabilities affecting globalnorthstar/northstar_club_management.

Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH2MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2021-29393P2CRITICALCVSS 9.8v6.32022-02-04
CVE-2021-29393 [CRITICAL] CWE-78 CVE-2021-29393: Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled "command" and "commandvalues" parameters.
nvd
CVE-2021-29396P2CRITICALCVSS 9.8v6.32022-02-04
CVE-2021-29396 [CRITICAL] CWE-732 CVE-2021-29396: Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows rem Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to use various functionalities without authentication.
nvd
CVE-2022-26959P3CRITICALCVSS 9.8v6.32022-09-16
CVE-2022-26959 [CRITICAL] CWE-89 CVE-2022-26959: There are two full (read/write) Blind/Time-based SQL injection vulnerabilities in the Northstar Club There are two full (read/write) Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. The vulnerabilities exist in the userName parameter of the processlogin.jsp page in the /northstar/Portal/ directory and the userID parameter of the login.jsp page in the /northstar/iphone/ directory. Exploitation
nvd
CVE-2021-29395P3HIGHCVSS 7.5v6.32022-02-04
CVE-2021-29395 [HIGH] CWE-22 CVE-2021-29395: Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Cl Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application.
nvd
CVE-2021-29397P3HIGHCVSS 7.5v6.32022-02-04
CVE-2021-29397 [HIGH] CWE-319 CVE-2021-29397: Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technolog Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote local user to intercept users credentials transmitted in cleartext over HTTP.
nvd
CVE-2021-29394P3MEDIUMCVSS 6.5v6.32022-02-04
CVE-2021-29394 [MEDIUM] CWE-863 CVE-2021-29394: Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Clu Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users to change the password of any targeted user accounts via lack of proper authorization in the user-controlled "userID" parameter of the HTTP POST request.
nvd
CVE-2021-29398P4MEDIUMCVSS 5.3v6.32022-02-04
CVE-2021-29398 [MEDIUM] CWE-22 CVE-2021-29398: Directory traversal in /northstar/Common/NorthFileManager/fileManagerObjects.jsp Northstar Technolog Directory traversal in /northstar/Common/NorthFileManager/fileManagerObjects.jsp Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to browse and list the directories across the entire filesystem of the host of the web application.
nvd
Globalnorthstar Northstar Club Management vulnerabilities | cvebase