彙總 backclick 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 路徑處理缺陷與SQL 注入 等問題,部分漏洞可能導致 檔案覆寫,並影響 軟體部署與生產負載 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2022-44001 | An issue was discovered in BACKCLICK Professional 5.9.63. User authentication for accessing the CORBA back-end services can be bypassed. | [email protected] | 9.8 | 1.10% | 2022-11-17 | 2026-06-17 |
| CVE-2022-44006 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation or sanitization of upload filenames, an externally reachable, unauthenticated update function permits writing files outside the intended target location. Achieving remote code execution is possible, e.g., by uploading an executable file. | [email protected] | 9.8 | 1.88% | 2022-11-16 | 2026-06-17 |
| CVE-2022-44005 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verification links, the newsletter sign-up functionality is vulnerable to the enumeration of subscribers' e-mail addresses. Furthermore, it is possible to subscribe and verify other persons' e-mail addresses to newsletters without their consent. | [email protected] | 5.3 | 0.61% | 2022-11-16 | 2026-06-17 |
| CVE-2022-44004 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to insecure design or lack of authentication, unauthenticated attackers can complete the password-reset process for any account and set a new password. | [email protected] | 9.8 | 1.18% | 2022-11-16 | 2026-06-17 |
| CVE-2022-44003 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient escaping of user-supplied input, the application is vulnerable to SQL injection at various locations. | [email protected] | 9.8 | 1.49% | 2022-11-16 | 2026-06-17 |
| CVE-2022-44002 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient output encoding of user-supplied data, the web application is vulnerable to cross-site scripting (XSS) at various locations. | [email protected] | 6.1 | 0.35% | 2022-11-16 | 2026-06-17 |
| CVE-2022-44000 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to an exposed internal communications interface, it is possible to execute arbitrary system commands on the server. | [email protected] | 9.8 | 0.95% | 2022-11-16 | 2026-06-17 |
| CVE-2022-44008 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation, arbitrary local files can be retrieved by accessing the back-end Tomcat server directly. | [email protected] | 6.5 | 0.82% | 2022-11-16 | 2026-06-17 |
| CVE-2022-44007 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation. | [email protected] | 8.8 | 0.80% | 2022-11-16 | 2026-06-17 |
| CVE-2022-43999 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to exposed CORBA management services, arbitrary system commands can be executed on the server. | [email protected] | 9.8 | 0.95% | 2022-11-16 | 2026-06-17 |