This page aggregates publicly disclosed CVE and security risk information related to myq-solution, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-22076 | MyQ Print Server before 8.2 patch 43 allows remote authenticated administrators to execute arbitrary code via PHP scripts that are reached through the administrative interface. | [email protected] | 9.8 | 1.14% | 2024-01-23 | 2025-06-16 |
| CVE-2023-27107 | Incorrect access control in the runReport function of MyQ Solution Print Server before 8.2 Patch 32 and Central Server before 8.2 Patch 22 allows users who do not have appropriate access rights to generate internal reports using a direct URL. | [email protected] | 8.8 | 0.84% | 2023-04-26 | 2025-02-03 |
| CVE-2021-31769 | MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The "Select server file" feature is only intended for administrators but actually does not require authorization. An attacker can inject arbitrary OS commands (such as commands to create new .php files) via the Task Scheduler component. | [email protected] | 8.8 | 4.06% | 2021-06-21 | 2024-11-21 |