cvebase

Uniguest Tripleplay vulnerabilities

7 known vulnerabilities affecting uniguest/tripleplay.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 2, MEDIUM 2

Vulnerabilities

CVE-2024-50704 | P2 | CRITICAL | CVSS 10.0 | fixed in 24.1.2 | v24.2 | 2025-03-04
CWE-94: Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request.
Source: nvd

CVE-2024-50707 | P2 | CRITICAL | CVSS 10.0 | fixed in 24.1.2 | v24.2 | 2025-03-04
CWE-94: Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request.
Source: nvd

CVE-2024-50706 | P2 | CRITICAL | CVSS 9.8 | ≥ 23.1, < 24.1.2 | v24.2 | 2025-03-04
CWE-89: Unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ allows remote attackers to execute arbitrary SQL queries on the backend database.
Source: nvd

CVE-2023-25760 | P3 | HIGH | CVSS 8.8 | v3.4.0 | 2023-04-19
CWE-522: Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows an authenticated user to modify other users' passwords via a crafted request payload.
Source: nvd

CVE-2023-25759 | P3 | MEDIUM | CVSS 5.4 | v3.4.0 | 2023-04-19
CWE-78: OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload.
Source: nvd

CVE-2024-50705 | P4 | HIGH | CVSS 7.1 | fixed in 24.1.2 | v24.2 | 2025-03-04
CWE-352: Unauthenticated reflected cross-site scripting (XSS) vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter.
Source: nvd

CVE-2023-26599 | P4 | MEDIUM | CVSS 6.1 | v3.4.0 | 2023-04-19
CWE-79: XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link.
Source: nvd