» 2022 » 9월

CVE-2022-40805

Posted on 2022년 9월 20일2022년 9월 20일 by admin

CVE-2022-40805

The d8s-urls for python 0.1.0, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-hypothesis package.

Source: CVE-2022-40805

CVE-2022-40807

Posted on 2022년 9월 20일2022년 9월 20일 by admin

CVE-2022-40807

The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0

Source: CVE-2022-40807

CVE-2022-40806

Posted on 2022년 9월 20일2022년 9월 20일 by admin

CVE-2022-40806

The d8s-uuids for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0

Source: CVE-2022-40806

CVE-2022-2840

Posted on 2022년 9월 19일2022년 9월 20일 by admin

CVE-2022-2840

The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections

Source: CVE-2022-2840

CVE-2022-2958

Posted on 2022년 9월 19일2022년 9월 20일 by admin

CVE-2022-2958

The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections

Source: CVE-2022-2958

CVE-2022-3021

Posted on 2022년 9월 19일2022년 9월 20일 by admin

CVE-2022-3021

The Slickr Flickr WordPress plugin through 2.8.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Source: CVE-2022-3021

CVE-2022-3141

Posted on 2022년 9월 19일2022년 9월 20일 by admin

CVE-2022-3141

The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected.

Source: CVE-2022-3141

CVE-2022-3142

Posted on 2022년 9월 19일2022년 9월 20일 by admin

CVE-2022-3142

The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured otherwise via the plugin settings.

Source: CVE-2022-3142

CVE-2022-38341

Posted on 2022년 9월 19일2022년 9월 20일 by admin

CVE-2022-38341

Safe Software FME Server v2022.0.1.1 and below does not employ server-side validation.

Source: CVE-2022-38341

CVE-2022-38880

Posted on 2022년 9월 19일2022년 9월 20일 by admin

CVE-2022-38880

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The affected version is 0.1.0.

Source: CVE-2022-38880