Gabor Szivos

#13922of 53,633
19.3Total CVSS
Vulnerabilities · 3
Medium
1
High
2
PT-2022-19523
4.9
2022-04-15
Kentico · Kentico Cms · CVE-2022-29287
**Name of the Vulnerable Software and Affected Versions** Kentico CMS versions prior to 13.0.66 **Description** The issue allows an attacker with user management rights, such as an Administrator, to export the user options of any user, including those with higher privileges like Global Administrators. The exported XML contains every option of the exported user, including the hashed password. **Recommendations** For versions prior to 13.0.66, update to version 13.0.66 or later to resolve the issue. As a temporary workaround, consider restricting user management rights to prevent unauthorized access to user options.
PT-2021-22989
7.2
2021-12-08
Genesys · Genesys Iwd · CVE-2021-40860
**Name of the Vulnerable Software and Affected Versions** Genesys intelligent Workload Distribution (IWD) versions prior to 9.0.013.11 **Description** A SQL Injection issue in the custom filter query component allows an attacker to execute arbitrary SQL queries via the `ql expression` parameter. This enables the extraction of all data in the database and potentially allows OS command execution, depending on the permissions and/or database engine. **Recommendations** For versions prior to 9.0.013.11, update to version 9.0.013.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the custom filter query component to minimize the risk of exploitation. Avoid using the `ql expression` parameter in the affected component until the issue is resolved.
PT-2021-22990
7.2
2021-12-08
Genesys · Genesys Intelligent Workload Distribution · CVE-2021-40861
**Name of the Vulnerable Software and Affected Versions** Genesys intelligent Workload Distribution (IWD) version 9.0.017.07 **Description** A SQL Injection issue in the custom filter query component allows an attacker to execute arbitrary SQL queries via the `value` attribute. This enables the extraction of all data in the database and potentially allows OS command execution, depending on the permissions and/or database engine. **Recommendations** For Genesys intelligent Workload Distribution (IWD) version 9.0.017.07, consider restricting access to the custom filter query component to minimize the risk of exploitation. Avoid using the `value` attribute in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.