3 results (0.015 seconds)

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrative privileges to inject and execute OS commands on the server. • https://www.twcert.org.tw/en/cp-139-8175-57245-2.html https://www.twcert.org.tw/tw/cp-132-8174-a17fd-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

IDExpert from CHANGING Information Technology does not properly validate a parameter for a specific functionality, allowing unauthenticated remote attackers to inject JavsScript code and perform Reflected Cross-site scripting attacks. • https://www.twcert.org.tw/en/cp-139-8173-f8bbc-2.html https://www.twcert.org.tw/tw/cp-132-8172-a02cc-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrator privileges to exploit this vulnerability to read arbitrary system files. • https://www.twcert.org.tw/en/cp-139-8171-29297-2.html https://www.twcert.org.tw/tw/cp-132-8170-48a4e-1.html • CWE-36: Absolute Path Traversal •