GCVE - cpe:2.3:a:aenrich:a\+hrd:6.8:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:aenrich:a\+hrd:6.8:*:*:*:*:*:*:*

part: a version: 6.8 update: *

Vendor	Aenrich (`bebdf35c-9222-5ffb-927c-024624a0ce65`)
Product	A+Hrd (`7fc4f999-2faf-5baa-8549-89929b9687a9`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-3775`	vulnerable	2026-06-08 06:43:51.502662	aEnrich Technology a+HRD - Argument Injection MEDIUM (5.3) aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. This allows attackers to pass arbitrary arguments to youtube-dl.exe, leading to the download of partial unauthorized files. Published: 2024-04-15T02:41:18.782Z Updated: 2024-08-01T20:20:01.574Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-7726-e5f70-1.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-3774`	vulnerable	2026-06-08 06:43:51.498840	aEnrich Technology a+HRD - Exposure of Sensitive Data MEDIUM (5.3) aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values. Published: 2024-04-15T02:14:39.724Z Updated: 2024-10-18T15:44:24.362Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-7724-c28d3-1.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-39042`	vulnerable	2026-06-08 05:47:17.676445	aEnrich a+HRD - Improper Authentication CRITICAL (9.8) aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service. Published: 2023-01-03T00:00:00.000Z Updated: 2025-04-10T15:49:09.860Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-6795-f7fe6-1.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-39041`	vulnerable	2026-06-08 05:47:17.675978	aEnrich a+HRD - SQL Injection CRITICAL (9.8) aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database. Published: 2023-01-03T00:00:00.000Z Updated: 2025-04-10T15:49:33.990Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-6794-35928-1.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-39040`	vulnerable	2026-06-08 05:47:17.675485	aEnrich a+HRD - Path Traversal HIGH (7.5) aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. Published: 2023-01-03T00:00:00.000Z Updated: 2025-04-10T15:32:10.602Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-6793-66aee-1.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-39039`	vulnerable	2026-06-08 05:47:17.673885	aEnrich a+HRD - Server-Side Request Forgery (SSRF) CRITICAL (9.8) aEnrich’s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTP(s) request to launch Server-Side Request Forgery (SSRF) attack, to perform arbitrary system command or disrupt service. Published: 2023-01-03T00:00:00.000Z Updated: 2025-04-10T15:34:48.454Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-6792-c4a62-1.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-26676`	vulnerable	2026-06-08 05:41:52.802075	aEnrich a+HRD - Broken Access Control CRITICAL (9.8) aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service. Published: 2022-04-07T18:22:44.359Z Updated: 2024-09-16T17:24:17.624Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-5970-2f405-1.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-26675`	vulnerable	2026-06-08 05:41:52.801519	aEnrich a+HRD - Path Traversal HIGH (7.5) aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform path traversal attacks to access arbitrary files under website root directory. Published: 2022-04-07T18:22:42.703Z Updated: 2024-09-17T01:56:47.206Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-5969-a5d4a-1.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.