VYPR
Vendor

Audimex

Products
1
CVEs
8
Across products
8
Status
Private

Products

1

Recent CVEs

8
  • CVE-2023-36361CriSep 5, 2023
    risk 0.64cvss 9.8epss 0.01

    Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter.

  • CVE-2024-51162HigNov 20, 2024
    risk 0.57cvss 8.8epss 0.01

    An issue in Audimex EE versions 15.1.20 and earlier allowing a remote attacker to escalate privileges. Analyzing the offline client code, it was identified that it is possible for any user (with any privilege) of Audimex to dump the whole Audimex database. This gives visibility…

  • CVE-2020-28115HigNov 5, 2020
    risk 0.57cvss 8.8epss 0.01

    SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the object_path parameter.

  • CVE-2023-39558MedAug 29, 2023
    risk 0.40cvss 6.1epss 0.00

    AudimexEE v15.0 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the Show Kai Data component.

  • CVE-2024-30889MedJun 4, 2024
    risk 0.35cvss 5.4epss 0.00

    Cross Site Scripting vulnerability in audimex audimexEE v.15.1.2 and fixed in 15.1.3.9 allows a remote attacker to execute arbitrary code via the service, method, widget_type, request_id, payload parameters.

  • CVE-2023-46396MedOct 25, 2023
    risk 0.35cvss 5.4epss 0.00

    Audimex 15.0.0 is vulnerable to Cross Site Scripting (XSS) in /audimex/cgi-bin/wal.fcgi via company parameter search filters.

  • CVE-2020-28047MedNov 5, 2020
    risk 0.35cvss 5.4epss 0.01

    AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scripting). If the recommended security configuration parameter "unique_error_numbers" is not set, remote attackers can inject arbitrary web script or HTML via 'action, cargo, panel' parameters that can lead to…

  • CVE-2023-39559MedAug 29, 2023
    risk 0.34cvss 5.3epss 0.01

    AudimexEE 15.0 was discovered to contain a full path disclosure vulnerability.