Backclick Backclick

10 CVEs affecting Backclick Backclick. Latest disclosed: 2022-11-17. Critical: 6, High: 1.

Top CVEs affecting Backclick Backclick
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2022-44001 | Critical | 9.8 | 2022-11-17 | An issue was discovered in BACKCLICK Professional 5.9.63. User authentication for accessing the CORBA back-end services can be bypassed. |
| CVE-2022-44006 | Critical | 9.8 | 2022-11-16 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation or sanitization of upload filenames, an externally reachable, unauthentica… |
| CVE-2022-44004 | Critical | 9.8 | 2022-11-16 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to insecure design or lack of authentication, unauthenticated attackers can complete the password… |
| CVE-2022-44003 | Critical | 9.8 | 2022-11-16 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient escaping of user-supplied input, the application is vulnerable to SQL injection a… |
| CVE-2022-44000 | Critical | 9.8 | 2022-11-16 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to an exposed internal communications interface, it is possible to execute arbitrary system comma… |
| CVE-2022-43999 | Critical | 9.8 | 2022-11-16 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to exposed CORBA management services, arbitrary system commands can be executed on the server. |
| CVE-2022-44007 | High | 8.8 | 2022-11-16 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users in… |
| CVE-2022-44008 | Medium | 6.5 | 2022-11-16 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation, arbitrary local files can be retrieved by accessing the back-end Tomcat s… |
| CVE-2022-44002 | Medium | 6.1 | 2022-11-16 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient output encoding of user-supplied data, the web application is vulnerable to cross… |
| CVE-2022-44005 | Medium | 5.3 | 2022-11-16 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verification links, the newsletter sign-up functionality is vuln… |