← Back

Information Server

information_server

Vendor: Kwoksys • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-45326
1Kwoksys
1Information Server
Apr 23, 2025
Dec 6, 2022
N/A· v4
4.9 MEDIUM· v3
N/A· v2
An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks.
CVE-2013-5028
1Kwoksys
1Information Server
Apr 29, 2026
Oct 11, 2013
N/A· v4
N/A· v3
6.5 MEDIUM· v2
SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the (1) hardwareType, (2) hardwareStatus, or (3)...Show more
SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the (1) hardwareType, (2) hardwareStatus, or (3) hardwareLocation parameter in a search command.Show less