» 2023 » 7월

CVE-2023-37745

Posted on 2023년 7월 14일2023년 7월 14일 by admin

CVE-2023-37745

A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Description of the /admin/aboutus.php component.

Source: CVE-2023-37745

CVE-2023-31821

Posted on 2023년 7월 14일2023년 7월 14일 by admin

CVE-2023-31821

An issue found in ALBIS Co. ALBIS v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp ALBIS function.

Source: CVE-2023-31821

CVE-2023-31823

Posted on 2023년 7월 14일2023년 7월 14일 by admin

CVE-2023-31823

An issue found in Marui Co Marui Official app v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Marui Official Store function.

Source: CVE-2023-31823

CVE-2023-31824

Posted on 2023년 7월 14일2023년 7월 14일 by admin

CVE-2023-31824

An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp DELICIA function.

Source: CVE-2023-31824

CVE-2023-31704

Posted on 2023년 7월 14일2023년 7월 14일 by admin

CVE-2023-31704

Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator’s role.

Source: CVE-2023-31704

CVE-2023-31705

Posted on 2023년 7월 14일2023년 7월 14일 by admin

CVE-2023-31705

A Reflected Cross-site scripting (XSS) vulnerability in Sourcecodester Task Reminder System 1.0 allows an authenticated user to inject malicious javascript into the page parameter.

Source: CVE-2023-31705

CVE-2022-24834

Posted on 2023년 7월 14일2023년 7월 14일 by admin

CVE-2022-24834

Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.

Source: CVE-2022-24834

CVE-2023-31819

Posted on 2023년 7월 13일2023년 7월 14일 by admin

CVE-2023-31819

An issue found in KEISEI STORE Co, Ltd. LIVRE KEISEI v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function.

Source: CVE-2023-31819

CVE-2023-35070

Posted on 2023년 7월 13일2023년 7월 14일 by admin

CVE-2023-35070

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in VegaGroup Web Collection allows SQL Injection.This issue affects Web Collection: before 31197.

Source: CVE-2023-35070

CVE-2023-31820

Posted on 2023년 7월 13일2023년 7월 14일 by admin

CVE-2023-31820

An issue found in Shizutetsu Store v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function.

Source: CVE-2023-31820