MidnightBSD

Advisories for webvendome_project

CVE-2022-36787

webvendome - webvendome SQL Injection. SQL Injection in the Parameter " DocNumber" Request : Get Request : /webvendome/showfiles.aspx?jobnumber=nullDoc Number=HERE.

Products Affected

Vendor Product Version
webvendome_project webvendome 1.0
CVE-2022-39178

Webvendome - webvendome Internal Server IP Disclosure. Send GET Request to the request which is shown in the picture. Internal Server IP and Full path disclosure.

Products Affected

Vendor Product Version
webvendome_project webvendome 1.0