Vulnerabilities > Globalnorthstar > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-09-16 CVE-2022-26959 SQL Injection vulnerability in Globalnorthstar Northstar Club Management 6.3
There are two full (read/write) Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application.
network
low complexity
globalnorthstar CWE-89
critical
 9.8
9.8
2022-02-04 CVE-2021-29393 OS Command Injection vulnerability in Globalnorthstar Northstar Club Management 6.3
Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled "command" and "commandvalues" parameters.
network
low complexity
globalnorthstar CWE-78
critical
 9.8
9.8
2022-02-04 CVE-2021-29396 Incorrect Permission Assignment for Critical Resource vulnerability in Globalnorthstar Northstar Club Management 6.3
Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to use various functionalities without authentication.
network
low complexity
globalnorthstar CWE-732
critical
 9.8
9.8