A remote attacker could exploit this vulnerability to execute arbitrary SQL commands and retrieve sensitive data.

In addition, this software was discovered to contain a cross-site request forgery (CSRF) vulnerability at /register.html; a malicious user could exploit this issue to execute arbitrary requests as if they were coming from another user.

Lastly, v1.0 of this software was discovered to contain a stored cross-site scripting (XSS) vulnerability at /changePassword.html; a malicious user could exploit this issue to execute arbitrary script code in the context of another user.
In addition, v1.0 of this software was discovered to contain a SQL injection vulnerability at /admin/delete.php; a remote attacker could exploit this issue to execute arbitrary SQL commands.

Ajax Tree Manager v2.2 was discovered to contain a SQL injection vulnerability at /index.php; a remote attacker could exploit this issue to execute arbitrary SQL commands.
In addition, v2.2 of this software was discovered to contain a stored cross-site scripting (XSS) vulnerability at /delete.html; a malicious user could exploit this issue to execute arbitrary script code in the context of another user.
Ajax Tree Manager v2.2 was also discovered to contain a stored cross-site scripting (XSS) vulnerability at /edit.html; a malicious user could exploit this issue to execute arbitrary script code in the context of another user.

Installation and company contact information for vendors of affected products

The vendor of this software is Ajax Tree Manager Inc., P.O. Box 405, Grand Rapids, MI 49501-0405, USA.

Timeline

Published on: 08/30/2022 21:15:00 UTC
Last modified on: 09/01/2022 07:01:00 UTC

References