CVE-2022-40878
In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution (RCE).
Source: CVE-2022-40878
[월:] 2022년 09월
CVE-2022-40352
CVE-2022-40352
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_traveller.php.
Source: CVE-2022-40352
CVE-2022-40199
CVE-2022-40199
Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4 ) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote authenticated attacker with an administrative privilege to obtain the product’s directory structure information.
Source: CVE-2022-40199
CVE-2022-40354
CVE-2022-40354
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_booking.php.
Source: CVE-2022-40354
CVE-2022-40353
CVE-2022-40353
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/up_booking.php.
Source: CVE-2022-40353
CVE-2022-40817
CVE-2022-40817
Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. However, agents were still wrongly able to perform some operations on such tickets, like adding and removing links, tags. and related answers. This issue has been fixed in 5.2.2.
Source: CVE-2022-40817
CVE-2022-40816
CVE-2022-40816
Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad’s asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This logic was not effective when used through a web socket connection, so that a logged-in attacker would be able to fetch personal data of other users by querying the Zammad API. This issue is fixed in , 5.2.2.
Source: CVE-2022-40816
CVE-2022-41570
CVE-2022-41570
An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthenticated SQL injection can occur.
Source: CVE-2022-41570
CVE-2022-40877
CVE-2022-40877
Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter.
Source: CVE-2022-40877
CVE-2022-38335
CVE-2022-38335
Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules.
Source: CVE-2022-38335