‼ CVE-2022-43127 ‼
📖 Read
via "National Vulnerability Database".
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/update_status.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43076 ‼
📖 Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in /admin/edit-admin.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtemail parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43223 ‼
📖 Read
via "National Vulnerability Database".
open5gs v2.4.11 was discovered to contain a memory leak in the component ngap-handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted UE attachment.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43086 ‼
📖 Read
via "National Vulnerability Database".
Restaurant POS System v1.0 was discovered to contain a SQL injection vulnerability via update_customer.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43079 ‼
📖 Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Train Scheduler App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43222 ‼
📖 Read
via "National Vulnerability Database".
open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43084 ‼
📖 Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the v_name parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3789 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in Tim Campus Confession Wall and classified as critical. Affected by this vulnerability is an unknown functionality of the file share.php. The manipulation of the argument post_id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212611.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43083 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43126 ‼
📖 Read
via "National Vulnerability Database".
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/tests/manage_test.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3791 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in PDF & Print Plugin. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212613 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43124 ‼
📖 Read
via "National Vulnerability Database".
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43078 ‼
📖 Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3788 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in TablePress Plugin. Affected is an unknown function of the component Table Import Handler. The manipulation of the argument Import data leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212610 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43085 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in add_product.php of Restaurant POS System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43081 ‼
📖 Read
via "National Vulnerability Database".
Fast Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /fastfood/purchase.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43125 ‼
📖 Read
via "National Vulnerability Database".
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/manage_appointment.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3797 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in eolinker apinto-dashboard. It has been rated as problematic. This issue affects some unknown processing of the file /login. The manipulation of the argument callback leads to open redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212633 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3800 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in IBAX go-ibax. Affected by this issue is some unknown functionality of the file /api/v2/open/rowsInfo. The manipulation of the argument table_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212636.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31777 ‼
📖 Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-39369 ‼
📖 Read
via "National Vulnerability Database".
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a valid ticket granted for any authorized service in the same SSO realm (CAS server) to authenticate to the service protected by phpCAS. Depending on the settings of the CAS server service registry in worst case this may be any other service URL (if the allowed URLs are configured to "^(https)://.*") or may be strictly limited to known and authorized services in the same SSO federation if proper URL service validation is applied. This vulnerability may allow an attacker to gain access to a victim's account on a vulnerable CASified service without victim's knowledge, when the victim visits attacker's website while being logged in to the same CAS server. phpCAS 1.6.0 is a major version upgrade that starts enforcing service URL discovery validation, because there is unfortunately no 100% safe default config to use in PHP. Starting this version, it is required to pass in an additional service base URL argument when constructing the client class. For more information, please refer to the upgrading doc. This vulnerability only impacts the CAS client that the phpCAS library protects against. The problematic service URL discovery behavior in phpCAS < 1.6.0 will only be disabled, and thus you are not impacted from it, if the phpCAS configuration has the following setup: 1. `phpCAS::setUrl()` is called (a reminder that you have to pass in the full URL of the current page, rather than your service base URL), and 2. `phpCAS::setCallbackURL()` is called, only when the proxy mode is enabled. 3. If your PHP's HTTP header input `X-Forwarded-Host`, `X-Forwarded-Server`, `Host`, `X-Forwarded-Proto`, `X-Forwarded-Protocol` is sanitized before reaching PHP (by a reverse proxy, for example), you will not be impacted by this vulnerability either. If your CAS server service registry is configured to only allow known and trusted service URLs the severity of the vulnerability is reduced substantially in its severity since an attacker must be in control of another authorized service. Otherwise, you should upgrade the library to get the safe service discovery behavior.📖 Read
via "National Vulnerability Database".