Audimex
Products
1- 8 CVEs
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-36361 | Cri | 0.64 | 9.8 | 0.01 | Sep 5, 2023 | Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter. | ||
| CVE-2024-51162 | Hig | 0.57 | 8.8 | 0.01 | Nov 20, 2024 | An issue in Audimex EE versions 15.1.20 and earlier allowing a remote attacker to escalate privileges. Analyzing the offline client code, it was identified that it is possible for any user (with any privilege) of Audimex to dump the whole Audimex database. This gives visibility… | ||
| CVE-2020-28115 | Hig | 0.57 | 8.8 | 0.01 | Nov 5, 2020 | SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the object_path parameter. | ||
| CVE-2023-39558 | Med | 0.40 | 6.1 | 0.00 | Aug 29, 2023 | AudimexEE v15.0 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the Show Kai Data component. | ||
| CVE-2024-30889 | Med | 0.35 | 5.4 | 0.00 | Jun 4, 2024 | Cross Site Scripting vulnerability in audimex audimexEE v.15.1.2 and fixed in 15.1.3.9 allows a remote attacker to execute arbitrary code via the service, method, widget_type, request_id, payload parameters. | ||
| CVE-2023-46396 | Med | 0.35 | 5.4 | 0.00 | Oct 25, 2023 | Audimex 15.0.0 is vulnerable to Cross Site Scripting (XSS) in /audimex/cgi-bin/wal.fcgi via company parameter search filters. | ||
| CVE-2020-28047 | Med | 0.35 | 5.4 | 0.01 | Nov 5, 2020 | AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scripting). If the recommended security configuration parameter "unique_error_numbers" is not set, remote attackers can inject arbitrary web script or HTML via 'action, cargo, panel' parameters that can lead to… | ||
| CVE-2023-39559 | Med | 0.34 | 5.3 | 0.01 | Aug 29, 2023 | AudimexEE 15.0 was discovered to contain a full path disclosure vulnerability. |
- risk 0.64cvss 9.8epss 0.01
Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter.
- risk 0.57cvss 8.8epss 0.01
An issue in Audimex EE versions 15.1.20 and earlier allowing a remote attacker to escalate privileges. Analyzing the offline client code, it was identified that it is possible for any user (with any privilege) of Audimex to dump the whole Audimex database. This gives visibility…
- risk 0.57cvss 8.8epss 0.01
SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the object_path parameter.
- risk 0.40cvss 6.1epss 0.00
AudimexEE v15.0 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the Show Kai Data component.
- risk 0.35cvss 5.4epss 0.00
Cross Site Scripting vulnerability in audimex audimexEE v.15.1.2 and fixed in 15.1.3.9 allows a remote attacker to execute arbitrary code via the service, method, widget_type, request_id, payload parameters.
- risk 0.35cvss 5.4epss 0.00
Audimex 15.0.0 is vulnerable to Cross Site Scripting (XSS) in /audimex/cgi-bin/wal.fcgi via company parameter search filters.
- risk 0.35cvss 5.4epss 0.01
AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scripting). If the recommended security configuration parameter "unique_error_numbers" is not set, remote attackers can inject arbitrary web script or HTML via 'action, cargo, panel' parameters that can lead to…
- risk 0.34cvss 5.3epss 0.01
AudimexEE 15.0 was discovered to contain a full path disclosure vulnerability.