GCVE - cpe:2.3:a:aceware:aceweb_online_portal:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:aceware:aceweb_online_portal:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Aceware (`30e28899-71cc-5fd4-8533-900595215b7e`)
Product	Aceweb Online Portal (`9a239124-9dfc-5d95-bbc6-28b600a3fc49`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-24581`	vulnerable	2026-06-03 14:46:30.718677	Details available ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software. Published: 2022-05-27T18:29:47.000Z Updated: 2024-08-03T04:13:56.660Z Open on db.gcve.eu Reference links http://aceware.com http://aceweb.com https://www.aceware.com/forum/viewtopic.php?f=7&t=481	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-24241`	vulnerable	2026-06-03 14:46:29.470989	Details available ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp. Published: 2022-05-27T18:29:37.000Z Updated: 2024-08-03T04:07:02.355Z Open on db.gcve.eu Reference links http://aceware.com http://aceweb.com https://www.aceware.com/forum/viewtopic.php?f=7&t=481	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-24240`	vulnerable	2026-06-03 14:46:29.470687	Details available ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp. Published: 2022-05-27T18:29:26.000Z Updated: 2024-08-03T04:07:02.365Z Open on db.gcve.eu Reference links http://aceware.com http://aceweb.com https://www.aceware.com/forum/viewtopic.php?f=7&t=481	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-24239`	vulnerable	2026-06-03 14:46:29.470360	Details available ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp. Published: 2022-05-27T18:29:16.000Z Updated: 2024-08-03T04:07:02.628Z Open on db.gcve.eu Reference links http://aceware.com http://aceweb.com https://www.aceware.com/forum/viewtopic.php?f=7&t=481	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-24238`	vulnerable	2026-06-03 14:46:29.469931	Details available ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp. Published: 2022-05-27T18:29:04.000Z Updated: 2024-08-03T04:07:02.381Z Open on db.gcve.eu Reference links http://aceware.com http://aceweb.com https://www.aceware.com/forum/viewtopic.php?f=7&t=481	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.