CVE-2022-3865 The WP User Merger plugin before 1.5.3 does not properly sanitise and escape a parameter, which allows users with a role as low as admin to inject SQL queries.
This can be exploited by attackers to run arbitrary SQL queries as high privileged users. WP User Merger is used to reduce the amount of
CVE-2022-23044 - How a CSRF Vulnerability in Tiny File Manager 2.4.8 Lets Remote Attackers Trick Users
Tiny File Manager is a popular web-based tool written in PHP to help users manage files on their server. It’s loved for its
CVE-2022-37720 - How a Simple XSS Bug in Orchard CMS 1.10.3 Can Lead to Admin Account Takeover
In September 2022, a security vulnerability was disclosed for Orchard CMS version 1.10.3, known as CVE-2022-37720. This vulnerability allows attackers with
CVE-2022-4090 - Cross-Site Request Forgery Vulnerability Found In Rickxy Stock Management System
A recently discovered vulnerability in the rickxy Stock Management System (SMS) allows attackers to exploit a cross-site request forgery (CSRF) flaw. Classified as problematic,
CVE-2021-29334 - How a CSRF Vulnerability in JIZHI CMS 1.9.4 Lets Attackers Add Admin Accounts
JIZHI CMS is a content management system used mainly in Chinese-speaking communities for creating and managing websites easily. In April 2021, a Cross-Site