Vulnerabilities for 'Mik.starlight'

2021-08-31
 
CVE-2021-36231

CWE-502
 

 
Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects.

 
 
CVE-2021-36232

CWE-863
 

 
Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges.

 
 
CVE-2021-36233

CWE-552
 

 
The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated attacker to read arbitrary files from the filesystem by specifying the file path.

 
 
CVE-2021-36234

CWE-798
 

 
Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors.

 

Vendor: Unit4 (3 products)
- Prosoft hrms
- Teta web
- Mik.starlight


Copyright 2024, cxsecurity.com

 
