CVE-2022-22868
Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting (XSS) vulnerability, that allows attackers to inject arbitrary script via name parameters.
Source: CVE-2022-22868
[월:] 2022년 01월
CVE-2021-41608
CVE-2021-41608
A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve survey user submitted data by modifying the value of the ID parameter in sequential order beginning from 1.
Source: CVE-2021-41608
CVE-2021-41609
CVE-2021-41609
SQL injection in the ID parameter of the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve data from the application’s backend database via boolean-based blind and UNION injection.
Source: CVE-2021-41609
CVE-2021-44971
CVE-2021-44971
Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE.
Source: CVE-2021-44971
CVE-2021-40395
CVE-2021-40395
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Source: CVE-2021-40395
CVE-2021-34073
CVE-2021-34073
A Cross Site Scripting (XSS) vulnerabilty exists in Sourcecodester Gadget Works Online Ordering System in PHP/MySQLi 1.0 via the Category parameter in an add function in category/index.php.
Source: CVE-2021-34073
CVE-2022-22294
CVE-2022-22294
A SQL injection vulnerability exists in ZFAKA<=1.43 which an attacker can use to complete SQL injection in the foreground and add a background administrator account.
Source: CVE-2022-22294
CVE-2021-45899
CVE-2021-45899
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote code execution.
Source: CVE-2021-45899
CVE-2021-45898
CVE-2021-45898
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion.
Source: CVE-2021-45898
CVE-2021-45897
CVE-2021-45897
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code execution.
Source: CVE-2021-45897