CVE Tools

backclick

Communicationscommercial

10

Cumulative CVEs

1

Monthly snapshots

#80

Peak rank

Top products

Latest CVEs

The 10 most recently published vulnerabilities affecting backclick.

CVE-2022-44001An issue was discovered in BACKCLICK Professional 5.9.63. User authentication for accessing the CORBA back-end services can be bypassed.9.8Nov 17, 2022
CVE-2022-44008An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation, arbitrary local files can be retrieved by accessing the back-end Tomcat server directly.6.5Nov 16, 2022
CVE-2022-44007An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user sessi...8.8Nov 16, 2022
CVE-2022-44006An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation or sanitization of upload filenames, an externally reachable, unauthenticated update function permits writing fi...9.8Nov 16, 2022
CVE-2022-44005An issue was discovered in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verification links, the newsletter sign-up functionality is vulnerable to the enumeration of subscribe...5.3Nov 16, 2022
CVE-2022-44004An issue was discovered in BACKCLICK Professional 5.9.63. Due to insecure design or lack of authentication, unauthenticated attackers can complete the password-reset process for any account and set...9.8Nov 16, 2022
CVE-2022-44003An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient escaping of user-supplied input, the application is vulnerable to SQL injection at various locations.9.8Nov 16, 2022
CVE-2022-44002An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient output encoding of user-supplied data, the web application is vulnerable to cross-site scripting (XSS) at various locat...6.1Nov 16, 2022
CVE-2022-44000An issue was discovered in BACKCLICK Professional 5.9.63. Due to an exposed internal communications interface, it is possible to execute arbitrary system commands on the server.9.8Nov 16, 2022
CVE-2022-43999An issue was discovered in BACKCLICK Professional 5.9.63. Due to exposed CORBA management services, arbitrary system commands can be executed on the server.9.8Nov 16, 2022