彙總 marmotech 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 SQL 注入 相關,可能在 生產負載與軟體部署 場景中帶來 資料外洩 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2019-25704 | Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the filter_user_mail parameter. Attackers can send crafted requests with malicious SQL statements to extract sensitive database information or modify data. | [email protected] | 8.8 | 0.31% | 2026-04-05 | 2026-06-16 |
| CVE-2019-25702 | Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_project parameter. Attackers can send crafted requests with malicious SQL statements in the id_project parameter to extract sensitive database information or modify data. | [email protected] | 8.8 | 0.31% | 2026-04-05 | 2026-06-16 |
| CVE-2019-25700 | Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the sort_direction parameter. Attackers can submit malicious SQL statements in the sort_direction parameter to extract sensitive database information or modify data. | [email protected] | 8.8 | 0.31% | 2026-04-05 | 2026-06-16 |
| CVE-2019-25698 | Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_to_delete parameter. Attackers can send crafted requests with malicious SQL statements in the id_to_delete field to extract or modify sensitive database information. | [email protected] | 8.8 | 0.31% | 2026-04-05 | 2026-06-16 |
| CVE-2019-25696 | Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the language_tag parameter. Attackers can submit malicious SQL statements in the language_tag parameter to extract sensitive database information or modify data. | [email protected] | 8.8 | 0.31% | 2026-04-05 | 2026-06-16 |
| CVE-2019-25694 | Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user2reset parameter. Attackers can send crafted requests with malicious SQL payloads to extract sensitive database information or modify data. | [email protected] | 8.8 | 0.40% | 2026-04-05 | 2026-06-16 |
| CVE-2019-25692 | Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id_to_modify' parameter. Attackers can send crafted requests with malicious SQL statements in the id_to_modify field to extract sensitive database information or modify data. | [email protected] | 8.8 | 0.31% | 2026-04-05 | 2026-06-16 |
| CVE-2019-25690 | Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mng_profile_id parameter. Attackers can send crafted requests with malicious SQL payloads in the mng_profile_id parameter to extract sensitive database information. | [email protected] | 8.8 | 0.31% | 2026-04-05 | 2026-06-16 |
| CVE-2019-25688 | Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the menu_lev1 parameter. Attackers can send crafted requests with malicious SQL payloads in the menu_lev1 parameter to extract sensitive database information or modify database contents. | [email protected] | 8.8 | 0.34% | 2026-04-05 | 2026-06-16 |