Backclick Backclick
10 CVEs affecting Backclick Backclick. Latest disclosed: 2022-11-17. Critical: 6, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-44001 | Critical | 9.8 | 2022-11-17 | An issue was discovered in BACKCLICK Professional 5.9.63. User authentication for accessing the CORBA back-end services can be bypassed. |
| CVE-2022-44006 | Critical | 9.8 | 2022-11-16 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation or sanitization of upload filenames, an externally reachable, unauthentica… |
| CVE-2022-44004 | Critical | 9.8 | 2022-11-16 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to insecure design or lack of authentication, unauthenticated attackers can complete the password… |
| CVE-2022-44003 | Critical | 9.8 | 2022-11-16 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient escaping of user-supplied input, the application is vulnerable to SQL injection a… |
| CVE-2022-44000 | Critical | 9.8 | 2022-11-16 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to an exposed internal communications interface, it is possible to execute arbitrary system comma… |
| CVE-2022-43999 | Critical | 9.8 | 2022-11-16 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to exposed CORBA management services, arbitrary system commands can be executed on the server. |
| CVE-2022-44007 | High | 8.8 | 2022-11-16 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users in… |
| CVE-2022-44008 | Medium | 6.5 | 2022-11-16 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation, arbitrary local files can be retrieved by accessing the back-end Tomcat s… |
| CVE-2022-44002 | Medium | 6.1 | 2022-11-16 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient output encoding of user-supplied data, the web application is vulnerable to cross… |
| CVE-2022-44005 | Medium | 5.3 | 2022-11-16 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verification links, the newsletter sign-up functionality is vuln… |