Vulnerabilities > Mobatime

DATE CVE VULNERABILITY TITLE RISK
2023-06-05 CVE-2023-3064 Insecure Storage of Sensitive Information vulnerability in Mobatime Amxgt 100
Anonymous user may get the list of existing users managed by the application, that could ease further attacks (see CVE-2023-3065 and 3066)This issue affects Mobatime mobile application AMXGT100 through 1.3.20.
network
low complexity
mobatime CWE-922
5.3
5.3
2023-06-05 CVE-2023-3065 Improper Authentication vulnerability in Mobatime Amxgt 100
Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows Authentication Bypass.This issue affects Mobatime mobile application AMXGT100 through 1.3.20.
network
low complexity
mobatime CWE-287
critical
 9.1
9.1
2023-06-05 CVE-2023-3066 Authorization Bypass Through User-Controlled Key vulnerability in Mobatime Amxgt 100
Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administratorsThis issue affects Mobatime mobile application AMXGT100: through 1.3.20.
network
low complexity
mobatime CWE-639
8.1
8.1
2023-06-02 CVE-2023-3032 Unrestricted Upload of File with Dangerous Type vulnerability in Mobatime web Application
Unrestricted Upload of File with Dangerous Type vulnerability in Mobatime web application (Documentary proof upload modules) allows a malicious user to Upload a Web Shell to a Web Server.This issue affects Mobatime web application: through 06.7.22.
network
low complexity
mobatime CWE-434
8.8
8.8
2023-06-02 CVE-2023-3033 Incorrect Authorization vulnerability in Mobatime web Application
Incorrect Authorization vulnerability in Mobatime web application allows Privilege Escalation, Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobatime web application: through 06.7.22.
network
low complexity
mobatime CWE-863
8.8
8.8