CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-30922 – DerbyNet 9.0 print/render/award.inc SQL Injection
https://notcve.org/view.php?id=CVE-2024-30922
SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering. ... DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/award.inc. • https://chocapikk.com/posts/2024/derbynet-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-30928 – DerbyNet 9.0 ajax/query.slide.next.inc SQL Injection
https://notcve.org/view.php?id=CVE-2024-30928
SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via 'classids' Parameter in ajax/query.slide.next.inc La vulnerabilidad de inyección SQL en DerbyNet v9.0 y versiones anteriores permite a los atacantes ejecutar comandos SQL arbitrarios a través del parámetro 'classids' en ajax/query.slide.next.inc DerbyNet 9.0 suffers from a remote SQL injection vulnerability in ajax/query.slide.next.inc. • https://chocapikk.com/posts/2024/derbynet-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-30929 – DerbyNet 9.0 playlist.php Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-30929
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the 'back' Parameter in playlist.php La vulnerabilidad de Cross Site Scripting en DerbyNet v9.0 y versiones anteriores permite a los atacantes ejecutar código arbitrario a través del parámetro "atrás" en playlist.php DerbyNet version 9.0 suffers from a cross site scripting vulnerability in playlist.php. • https://chocapikk.com/posts/2024/derbynet-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-30927 – DerbyNet 9.0 racer-results.php Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-30927
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the racer-results.php component. • https://chocapikk.com/posts/2024/derbynet-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-30926 – DerbyNet 9.0 inc/kisosks.inc Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-30926
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the . • https://chocapikk.com/posts/2024/derbynet-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •