cbcvebase.

Teamplus Team + Pro vulnerabilities

6 known vulnerabilities affecting teamplus/team_+_pro.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2024-9921P2CRITICALCVSS 9.8≥ 13.5.0, < 14.0.02024-10-14
CVE-2024-9921 [CRITICAL] CWE-89 CVE-2024-9921: The Team+ from TEAMPLUS TECHNOLOGY does not properly validate specific page parameter, allowing unau The Team+ from TEAMPLUS TECHNOLOGY does not properly validate specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete database contents.
nvd
CVE-2024-9922P3HIGHCVSS 7.5≥ 13.5.0, < 14.0.02024-10-14
CVE-2024-9922 [HIGH] CWE-23 CVE-2024-9922: The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing un The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
nvd
CVE-2022-35220P4MEDIUMCVSS 6.5≤ 3.011.6.0.12022-08-02
CVE-2022-35220 [MEDIUM] CWE-770 CVE-2022-35220: Teamplus Pro community discussion function has an ‘allocation of resource without limits or throttli Teamplus Pro community discussion function has an ‘allocation of resource without limits or throttling’ vulnerability. A remote attacker with general user privilege posting a thread with large content can cause the receiving client device to allocate too much memory, leading to abnormal termination of this client’s Teamplus Pro application.
nvd
CVE-2024-9923P4MEDIUMCVSS 4.9≥ 13.5.0, < 14.0.02024-10-14
CVE-2024-9923 [MEDIUM] CWE-23 CVE-2024-9923: The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing re The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access them.
nvd
CVE-2022-32958P4MEDIUMCVSS 6.5≤ 3.011.6.0.12022-07-20
CVE-2022-32958 [MEDIUM] CWE-770 CVE-2022-32958: A remote attacker with general user privilege can send a message to Teamplus Pro’s chat group that e A remote attacker with general user privilege can send a message to Teamplus Pro’s chat group that exceeds message size limit, to terminate other recipients’ Teamplus Pro chat process.
nvd
CVE-2022-35221P4MEDIUMCVSS 5.4≤ 3.011.6.0.12022-08-02
CVE-2022-35221 [MEDIUM] CWE-770 CVE-2022-35221: Teamplus Pro community discussion has an ‘allocation of resource without limits or throttling’ vulne Teamplus Pro community discussion has an ‘allocation of resource without limits or throttling’ vulnerability on thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to missing partial post content and disrupt partial service.
nvd