CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

changingtec

rava_certificate_validation_system

4 known vulnerabilities · sorted by CVSS score

CVE-2022-39056

CRITICAL9.8

RAVA certificate validation system has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify and delete database.

changingtec / rava_certificate_validation_system

Network

Published Oct 18, 2022

CVE-2022-39058

HIGH7.5

RAVA certification validation system has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access arbitrary system files.

changingtec / rava_certificate_validation_system

Network

Published Oct 18, 2022

CVE-2022-39057

HIGH7.2

RAVA certificate validation system has insufficient filtering for special parameter of the web page input field. A remote attacker with administrator privilege can exploit this vulnerability to perform arbitrary system command and disrupt service.

changingtec / rava_certificate_validation_system

Network

Published Oct 18, 2022

CVE-2022-39055

MEDIUM5.3

RAVA certificate validation system has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform SSRF attack to discover internal network topology base on query response.

changingtec / rava_certificate_validation_system

Network

Published Oct 18, 2022