CVE-2022-27498
https://notcve.org/view.php?id=CVE-2022-27498
A directory traversal vulnerability exists in the TicketTemplateActions.aspx GetTemplateAttachment functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.
• https://talosintelligence.com/vulnerability_reports/TALOS-2022-1531
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-22149
https://notcve.org/view.php?id=CVE-2022-22149
A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
• https://talosintelligence.com/vulnerability_reports/TALOS-2022-1441
• https://www.lansweeper.com/changelog
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-21234
https://notcve.org/view.php?id=CVE-2022-21234
An SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
• https://talosintelligence.com/vulnerability_reports/TALOS-2022-1443
• https://www.lansweeper.com/changelog
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-21210
https://notcve.org/view.php?id=CVE-2022-21210
An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
• https://talosintelligence.com/vulnerability_reports/TALOS-2022-1444
• https://www.lansweeper.com/changelog
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-21145
https://notcve.org/view.php?id=CVE-2022-21145
A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can lead to arbitrary JavaScript code injection. An attacker can send an HTTP request to trigger this vulnerability.
• https://talosintelligence.com/vulnerability_reports/TALOS-2022-1442
• https://www.lansweeper.com/changelog
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)