
| Date | CVE | Vulnerability title | Description | Attack vector | Attack complexity | Vendor | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2023-08-05 | CVE-2023-33367 | SQL Injection vulnerability in Assaabloy Control ID Idsecure | A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution. | network | low complexity | assaabloy | CWE-89 | critical | 9.8 |
| 2023-08-03 | CVE-2023-33371 | Use of Hard-coded Credentials vulnerability in Assaabloy Control ID Idsecure | Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication. | network | low complexity | assaabloy | CWE-798 | critical | 9.8 |
| 2023-08-03 | CVE-2023-33369 | Path Traversal vulnerability in Assaabloy Control ID Idsecure | A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on the IDSecure filesystem, causing a denial of service. | network | low complexity | assaabloy | CWE-22 | critical | 9.1 |