6 results (0.003 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for SQL injections. • https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

User provided input is not sanitized in the “Settings > Access Control” configuration interface allowing for arbitrary code execution. • https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution. • https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Due to insufficient file permissions, unprivileged users could gain access to unencrypted administrator credentials allowing the configuration of the application. • https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentials that are used in the integration interface towards 3rd party systems. • https://www.axis.com/dam/public/0b/1c/96/cve-2023-2140712-en-US-409778.pdf • CWE-755: Improper Handling of Exceptional Conditions •