qwell

7 exploits Active since Nov 2023
CVE-2023-6342 WRITEUP MEDIUM WRITEUP
Tyler Technologies Court Case Management Plus - Auth Bypass
Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the 'CmWebSearchPfp/Login.aspx?xyzldk=' and 'payforprint_CM/Redirector.ashx?userid=' parameters. The vulnerable "pay for print" feature was removed on or around 2023-11-01.
CVSS 5.3
CVE-2023-6343 WRITEUP MEDIUM WRITEUP
Tyler Technologies Court Case Management Plus - Info Disclosure
Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx 'FN' and 'PN' parameters. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is similar to CVE-2020-9323. CVE-2023-6343 is related to or partially caused by CVE-2023-6352.
CVSS 5.3
CVE-2023-6344 WRITEUP MEDIUM WRITEUP
Tyler Technologies Court Case Management Plus - Path Traversal
Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate directories using the tiffserver/te003.aspx or te004.aspx 'ifolder' parameter. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The vulnerable Aquaforest TIFF Server feature was removed on or around 2023-11-01. Insecure configuration issues in Aquaforest TIFF Server are identified separately as CVE-2023-6352. CVE-2023-6343 is related to or partially caused by CVE-2023-6352.
CVSS 5.3
CVE-2023-6352 WRITEUP MEDIUM WRITEUP
Aquaforest TIFF Server - Info Disclosure
The default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services (IIS) or Microsoft Windows. Depending on how a web application uses and configures TIFF Server, a remote attacker may be able to enumerate files or directories, traverse directories, bypass authentication, or access restricted files.
CVSS 5.3
CVE-2023-6353 WRITEUP MEDIUM WRITEUP
Tyler Technologies - Info Disclosure
Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx 'enky' parameter.
CVSS 5.3
CVE-2023-6354 WRITEUP MEDIUM WRITEUP
Tyler Technologies Court Case Management Plus - Unauthenticated Arbitrary File Upload/Deletion via PDFViewer.aspx
Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx 'filename' parameter.
CVSS 5.3
CVE-2023-6375 WRITEUP MEDIUM WRITEUP
Tyler Technologies Court Case Management Plus - Info Disclosure
Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database credentials.
CVSS 5.3