Skip to main content

Aceweb Online Portal

5 CVEs product

Monthly

CVE-2022-24581 HIGH This Week

ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Aceweb Online Portal
NVD VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-24241 HIGH This Week

ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aceweb Online Portal
NVD VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-24240 CRITICAL Act Now

ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Aceweb Online Portal
NVD VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-24239 CRITICAL Act Now

ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Aceweb Online Portal
NVD VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-24238 MEDIUM This Month

ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Aceweb Online Portal
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
EPSS 1% CVSS 7.5
HIGH This Week

ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Aceweb Online Portal
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aceweb Online Portal
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Aceweb Online Portal
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Aceweb Online Portal
NVD VulDB
EPSS 1% CVSS 6.1
MEDIUM This Month

ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Aceweb Online Portal
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy