Skip to main content

Queuemetrics

6 CVEs product

Monthly

CVE-2024-42343 HIGH This Week

Loway - CWE-204: Observable Response Discrepancy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Queuemetrics
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-42342 MEDIUM This Month

Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling Queuemetrics
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-42341 MEDIUM This Month

Loway - CWE-601: URL Redirection to Untrusted Site ('Open Redirect'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Queuemetrics
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2020-13127 HIGH POC This Week

A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.04.1 allows remote authenticated attackers to execute arbitrary SQL commands via the TASKS_LIST__pt.querystring parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Queuemetrics
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-15947 HIGH This Week

A SQL injection vulnerability in the qm_adm/qm_export_stats_run.do endpoint of Loway QueueMetrics before 19.10.21 allows remote authenticated users to execute arbitrary SQL commands via the exportId. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Queuemetrics
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-15925 HIGH This Week

A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.10.21 allows remote authenticated attackers to execute arbitrary SQL commands via the TPF_XPAR1 parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Queuemetrics
NVD
CVSS 3.1
8.8
EPSS
1.1%
EPSS 0% CVSS 7.5
HIGH This Week

Loway - CWE-204: Observable Response Discrepancy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Queuemetrics
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling Queuemetrics
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Loway - CWE-601: URL Redirection to Untrusted Site ('Open Redirect'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Queuemetrics
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.04.1 allows remote authenticated attackers to execute arbitrary SQL commands via the TASKS_LIST__pt.querystring parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Queuemetrics
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A SQL injection vulnerability in the qm_adm/qm_export_stats_run.do endpoint of Loway QueueMetrics before 19.10.21 allows remote authenticated users to execute arbitrary SQL commands via the exportId. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Queuemetrics
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.10.21 allows remote authenticated attackers to execute arbitrary SQL commands via the TPF_XPAR1 parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Queuemetrics
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy