Aceware

aceware

5 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Aceweb Online Portal

aceweb_online_portal

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-24581 1Aceware 1Aceweb Online Portal Jun 17, 2026 Jun 2, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the usern...Show more ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software.Show less
CVE-2022-24241 1Aceware 1Aceweb Online Portal Jun 17, 2026 Jun 2, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp.
CVE-2022-24240 1Aceware 1Aceweb Online Portal Jun 17, 2026 Jun 2, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp.
CVE-2022-24239 1Aceware 1Aceweb Online Portal Jun 17, 2026 Jun 2, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp.
CVE-2022-24238 1Aceware 1Aceweb Online Portal Jun 17, 2026 Jun 2, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp.