MidnightBSD

Advisories for 4pace

CVE-2024-41511

A Path Traversal (Local File Inclusion) vulnerability in "BinaryFileRedirector.ashx" in CADClick v1.11.0 and before allows remote attackers to retrieve arbitrary local files via the "path" parameter.

Products Affected

Vendor Product Version
4pace cadclick *
CVE-2024-41512

A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter.

Products Affected

Vendor Product Version
4pace cadclick 1.11.0
CVE-2024-41513

A reflected cross-site scripting (XSS) vulnerability in "Artikel.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "searchindex" parameter.

Products Affected

Vendor Product Version
4pace cadclick 1.11.0
CVE-2024-41514

A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter.

Products Affected

Vendor Product Version
4pace cadclick 1.11.0
CVE-2024-41515

A reflected cross-site scripting (XSS) vulnerability in "ccHandlerResource.ashx" in CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "res_url" parameter.

Products Affected

Vendor Product Version
4pace cadclick *
CVE-2024-41516

A Reflected cross-site scripting (XSS) vulnerability in "ccHandler.aspx" CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "bomid" parameter.

Products Affected

Vendor Product Version
4pace cadclick *
CVE-2025-25905

Cross-Site Scripting (XSS) vulnerability in CADClick v1.13.0 and before allows remote attackers to inject arbitrary web script or HTML via the "tree" parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N 2.8 4.2

Products Affected

Vendor Product Version
4pace cadclick *