cbcvebase.

Lansweeper vulnerabilities

18 known vulnerabilities affecting lansweeper/lansweeper.

Total CVEs
18
CISA KEV
0
Public exploits
3
Exploited in wild
1
Severity breakdown
CRITICAL4HIGH6MEDIUM8

Vulnerabilities

Page 1 of 1
CVE-2019-13462P1CRITICALCVSS 9.1ExploitedPoCfixed in 7.1.117.42019-08-12
CVE-2019-13462 [CRITICAL] CWE-89 CVE-2019-13462: Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. Lansweeper before 7.1.117.4 allows unauthenticated SQL injection.
nvd
CVE-2020-14011P2CRITICALCVSS 9.8PoC≥ 6.0.0.19, ≤ 7.2.108.62020-06-15
CVE-2020-14011 [CRITICAL] CWE-1188 CVE-2020-14011: Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features.
nvd
CVE-2022-22149P2HIGHCVSS 8.8v9.1.20.22022-04-14
CVE-2022-22149 [HIGH] CWE-89 CVE-2022-22149: A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper la A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2022-21234P2HIGHCVSS 8.8v9.1.20.22022-04-14
CVE-2022-21234 [HIGH] CWE-89 CVE-2022-21234: An SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper lansweeper An SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2022-21210P2HIGHCVSS 8.8v9.1.20.22022-04-14
CVE-2022-21210 [HIGH] CWE-89 CVE-2022-21210: An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweepe An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2022-29517P2HIGHCVSS 8.8v10.1.1.02022-12-15
CVE-2022-29517 [HIGH] CWE-22 CVE-2022-29517: A directory traversal vulnerability exists in the HelpdeskActions.aspx edittemplate functionality of A directory traversal vulnerability exists in the HelpdeskActions.aspx edittemplate functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2022-32573P3HIGHCVSS 8.8v10.1.1.02022-12-15
CVE-2022-32573 [HIGH] CWE-22 CVE-2022-32573: A directory traversal vulnerability exists in the AssetActions.aspx addDoc functionality of Lansweep A directory traversal vulnerability exists in the AssetActions.aspx addDoc functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2022-27498P3MEDIUMCVSS 6.5v10.1.1.02022-12-15
CVE-2022-27498 [MEDIUM] CWE-22 CVE-2022-27498: A directory traversal vulnerability exists in the TicketTemplateActions.aspx GetTemplateAttachment f A directory traversal vulnerability exists in the TicketTemplateActions.aspx GetTemplateAttachment functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2017-16841P4MEDIUMCVSS 6.1PoCfixed in 6.0.100.942017-11-16
CVE-2017-16841 [MEDIUM] CWE-79 CVE-2017-16841: LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx. LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx.
nvd
CVE-2015-9264P3CRITICALCVSS 9.8≥ 4.0, ≤ 4.2.0.90≥ 5.0, ≤ 5.3.0.34+1 more2018-08-27
CVE-2015-9264 [CRITICAL] CWE-20 CVE-2015-9264: Lansweeper 4.x through 6.x before 6.0.0.48 allows attackers to execute arbitrary code on the adminis Lansweeper 4.x through 6.x before 6.0.0.48 allows attackers to execute arbitrary code on the administrator's workstation via a crafted Windows service.
nvd
CVE-2022-21145P3MEDIUMCVSS 4.8v9.1.20.22022-04-14
CVE-2022-21145 [MEDIUM] CWE-80 CVE-2022-21145: A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansw A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2017-13706P3CRITICALCVSS 9.9≤ 6.0.100.292017-10-10
CVE-2017-13706 [CRITICAL] CWE-611 CVE-2017-13706: XML external entity (XXE) vulnerability in the import package functionality of the deployment module XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an X
nvd
CVE-2022-29511P3MEDIUMCVSS 6.5v10.1.1.02022-12-15
CVE-2022-29511 [MEDIUM] CWE-22 CVE-2022-29511: A directory traversal vulnerability exists in the KnowledgebasePageActions.aspx ImportArticles funct A directory traversal vulnerability exists in the KnowledgebasePageActions.aspx ImportArticles functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2020-13658P3HIGHCVSS 8.0v8.0.130.172020-09-30
CVE-2020-13658 [HIGH] CWE-352 CVE-2020-13658: In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF attack that would allow a low-leve In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF attack that would allow a low-level Lansweeper user to elevate their privileges within the application.
nvd
CVE-2022-32763P4MEDIUMCVSS 6.1v10.1.1.02022-12-15
CVE-2022-32763 [MEDIUM] CWE-184 CVE-2022-32763: A cross-site scripting (xss) sanitization vulnerability bypass exists in the SanitizeHtml functional A cross-site scripting (xss) sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2022-28703P4MEDIUMCVSS 5.4v10.1.1.02022-12-15
CVE-2022-28703 [MEDIUM] CWE-80 CVE-2022-28703: A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages fu A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2017-9292P4MEDIUMCVSS 6.1≤ 6.0.0.642017-05-29
CVE-2017-9292 [MEDIUM] CWE-79 CVE-2017-9292: Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782. Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782.
nvd
CVE-2019-18955P4MEDIUMCVSS 6.1v7.2.105.22019-12-19
CVE-2019-18955 [MEDIUM] CWE-79 CVE-2019-18955: The web console in Lansweeper 7.2.105.2 has XSS via the URL path. Product vulnerability has been fix The web console in Lansweeper 7.2.105.2 has XSS via the URL path. Product vulnerability has been fixed and disclosed within changelog as of 02 Dec 2019.
nvd
Lansweeper vulnerabilities | cvebase