Calvin Phang

**Name of the Vulnerable Software and Affected Versions** SevOne Network Management System versions up to 5.7.2.22 **Description** A critical issue has been discovered that affects the Traceroute Handler, specifically the file `traceroute.php`. This issue leads to privilege escalation through command injection and can be initiated remotely. **Recommendations** For versions up to 5.7.2.22, as a temporary workaround, consider restricting access to the `traceroute.php` file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SevOne Network Management System versions up to 5.7.2.22 **Description** A critical issue was found in the Alert Summary component, allowing for sql injection through remote manipulation. **Recommendations** For SevOne Network Management System versions up to 5.7.2.22, consider restricting access to the Alert Summary component to minimize the risk of exploitation until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SevOne Network Management System versions up to 5.7.2.22 **Description** A critical issue has been found in the Device Manager Page, where an injection leads to privilege escalation. The attack may be initiated remotely. **Recommendations** For versions up to 5.7.2.22, consider restricting access to the Device Manager Page until a fix is available. As a temporary workaround, avoid using the Device Manager Page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.