Vulnerabilities > Setelsa Security

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-04	CVE-2023-4037	SQL Injection vulnerability in Setelsa-Security Conacwin 3.7.1.2 Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially crafted SQL query to the xml parameter. local low complexity setelsa-security CWE-89	5.5
2023-10-04	CVE-2023-3512	Path Traversal vulnerability in Setelsa-Security Conacwin 3.7.1.2/3.8.2.2 Relative path traversal vulnerability in Setelsa Security's ConacWin CB, in its 3.8.2.2 version and earlier, the exploitation of which could allow an attacker to perform an arbitrary download of files from the system via the "Download file" parameter. network low complexity setelsa-security CWE-22	7.5
2020-09-03	CVE-2020-25068	Path Traversal vulnerability in Setelsa-Security Conacwin 3.7.1.2 Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vulnerability. network low complexity setelsa-security CWE-22	7.5

Vulnerabilities > Setelsa Security {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Setelsa Security"}]}