aEnrich a+HRD 7.0
Approved changes feed: RSS · Atom
cpe:2.3:a:aenrich:a\+hrd:7.0:*:*:*:*:*:*:*
part: a version: 7.0 update: *
| Vendor | Aenrich (bebdf35c-9222-5ffb-927c-024624a0ce65) |
|---|---|
| Product | A+Hrd (7fc4f999-2faf-5baa-8549-89929b9687a9) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-3775 |
vulnerable | 2026-06-08 06:43:51.502686 |
aEnrich Technology a+HRD - Argument Injection
MEDIUM (5.3)
aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. This allows attackers to pass arbitrary arguments to youtube-dl.exe, leading to the download of partial unauthorized files.
Published: 2024-04-15T02:41:18.782Z
Updated: 2024-08-01T20:20:01.574Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-3774 |
vulnerable | 2026-06-08 06:43:51.500138 |
aEnrich Technology a+HRD - Exposure of Sensitive Data
MEDIUM (5.3)
aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values.
Published: 2024-04-15T02:14:39.724Z
Updated: 2024-10-18T15:44:24.362Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-39042 |
vulnerable | 2026-06-08 05:47:17.676467 |
aEnrich a+HRD - Improper Authentication
CRITICAL (9.8)
aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service.
Published: 2023-01-03T00:00:00.000Z
Updated: 2025-04-10T15:49:09.860Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-39041 |
vulnerable | 2026-06-08 05:47:17.676096 |
aEnrich a+HRD - SQL Injection
CRITICAL (9.8)
aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database.
Published: 2023-01-03T00:00:00.000Z
Updated: 2025-04-10T15:49:33.990Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-39040 |
vulnerable | 2026-06-08 05:47:17.675510 |
aEnrich a+HRD - Path Traversal
HIGH (7.5)
aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.
Published: 2023-01-03T00:00:00.000Z
Updated: 2025-04-10T15:32:10.602Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-39039 |
vulnerable | 2026-06-08 05:47:17.674842 |
aEnrich a+HRD - Server-Side Request Forgery (SSRF)
CRITICAL (9.8)
aEnrich’s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTP(s) request to launch Server-Side Request Forgery (SSRF) attack, to perform arbitrary system command or disrupt service.
Published: 2023-01-03T00:00:00.000Z
Updated: 2025-04-10T15:34:48.454Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.