VYPR
Vendor

AMSS++

Products
1
CVEs
18
Across products
18
Status
Private

Products

1

Recent CVEs

18
  • CVE-2024-2599CriMar 18, 2024
    risk 0.64cvss 9.9epss 0.01

    File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure.

  • CVE-2020-37141HigFeb 7, 2026
    risk 0.53cvss 8.2epss 0.00

    AMSS++ version 4.31 contains a SQL injection vulnerability in the mail module's maildetail.php script through the 'id' parameter. Attackers can manipulate the 'id' parameter in /modules/mail/main/maildetail.php to inject malicious SQL queries and potentially access or modify…

  • CVE-2024-2592HigMar 18, 2024
    risk 0.53cvss 8.2epss 0.00

    Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/person/pic_show.php, in the 'person_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information…

  • CVE-2024-2591HigMar 18, 2024
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_group.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information…

  • CVE-2024-2590HigMar 18, 2024
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/mail/main/select_send.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information…

  • CVE-2024-2589HigMar 18, 2024
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_school_person.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the…

  • CVE-2024-2588HigMar 18, 2024
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/admin/index.php, in the 'id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.

  • CVE-2024-2587HigMar 18, 2024
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_khet_person.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the…

  • CVE-2024-2586HigMar 18, 2024
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/index.php, in the 'username' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.

  • CVE-2024-2585HigMar 18, 2024
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send_2.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the…

  • CVE-2024-2584HigMar 18, 2024
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information…

  • CVE-2020-37135HigFeb 7, 2026
    risk 0.49cvss 7.5epss 0.00

    AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system.

  • CVE-2024-2598HigMar 18, 2024
    risk 0.46cvss 7.1epss 0.00

    Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/select_send_2.php, in multiple parameters. This vulnerability could allow a remote…

  • CVE-2024-2597HigMar 18, 2024
    risk 0.46cvss 7.1epss 0.00

    Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_school_person.php, in the 'b_id' parameter. This vulnerability could allow a…

  • CVE-2024-2596HigMar 18, 2024
    risk 0.46cvss 7.1epss 0.00

    Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/mail/main/select_send.php, in multiple parameters. This vulnerability could allow a remote attacker…

  • CVE-2024-2595HigMar 18, 2024
    risk 0.46cvss 7.1epss 0.00

    Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_khet_person.php, in the 'b_id' parameter. This vulnerability could allow a…

  • CVE-2024-2594HigMar 18, 2024
    risk 0.46cvss 7.1epss 0.00

    Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/admin/index.php, in multiple parameters. This vulnerability could allow a remote attacker to send a…

  • CVE-2024-2593HigMar 18, 2024
    risk 0.46cvss 7.1epss 0.00

    Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_group.php, in the 'b_id' parameter. This vulnerability could allow a remote…