Maarch
by Maarch
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-37773 | 0.00 | — | 0.01 | Nov 22, 2022 | An authenticated SQL Injection vulnerability in the statistics page (/statistics/retrieve) of Maarch RM 2.8, via the filter parameter, allows the complete disclosure of all databases. | |||
| CVE-2022-37774 | 0.00 | — | 0.01 | Nov 22, 2022 | There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file accessed. The document's… | |||
| CVE-2019-15854 | 0.00 | — | 0.01 | Jan 17, 2020 | An issue was discovered in Maarch RM before 2.5. A privilege escalation vulnerability allows an authenticated user with lowest privileges to give herself highest administration privileges via a crafted PUT request to an unauthorized resource. | |||
| CVE-2019-15855 | 0.00 | — | 0.02 | Jan 17, 2020 | An issue was discovered in Maarch RM before 2.5. A path traversal vulnerability allows an unauthenticated remote attacker to overwrite any files with a crafted POST request if the default installation procedure was followed. This results in a permanent Denial of Service. | |||
| CVE-2006-5492 | 0.00 | — | 0.01 | Oct 25, 2006 | Unspecified vulnerability in Maerys Archive (Maarch) before 2.0.1 allows remote authenticated users to obtain sensitive information (document contents) via unspecified attack vectors related to "grants." |
- CVE-2022-37773Nov 22, 2022risk 0.00cvss —epss 0.01
An authenticated SQL Injection vulnerability in the statistics page (/statistics/retrieve) of Maarch RM 2.8, via the filter parameter, allows the complete disclosure of all databases.
- CVE-2022-37774Nov 22, 2022risk 0.00cvss —epss 0.01
There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file accessed. The document's…
- CVE-2019-15854Jan 17, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Maarch RM before 2.5. A privilege escalation vulnerability allows an authenticated user with lowest privileges to give herself highest administration privileges via a crafted PUT request to an unauthorized resource.
- CVE-2019-15855Jan 17, 2020risk 0.00cvss —epss 0.02
An issue was discovered in Maarch RM before 2.5. A path traversal vulnerability allows an unauthenticated remote attacker to overwrite any files with a crafted POST request if the default installation procedure was followed. This results in a permanent Denial of Service.
- CVE-2006-5492Oct 25, 2006risk 0.00cvss —epss 0.01
Unspecified vulnerability in Maerys Archive (Maarch) before 2.0.1 allows remote authenticated users to obtain sensitive information (document contents) via unspecified attack vectors related to "grants."