CVE-2022-3726 - How GitLab’s Missing OpenAPI Sandboxing Put Users at Risk
Published: June 2024
Severity: Medium/High
Affected Products: GitLab CE/EE
Vulnerable Versions:
Summary
In late 2022, a significant vulnerability, CVE-2022-3726, was disclosed in GitLab
CVE-2022-43031 DedeCMS v6.1.9 has a CSRF flaw that allows attackers to add administrator accounts and modify admin passwords.
This vulnerability occurs due to the presence of an untrusted data source when a user with the ‘Administrator’ account type tries to login to the
CVE-2022-44551 The iaware module has a vulnerability in thread security
This issue arises because the thread_id in the password settings is not verified before being used, which can allow an attacker to gain root privileges.
CVE-2022-43488 - CSRF in Advanced Dynamic Pricing for WooCommerce <= 4.1.5 Allows Unauthorized Pricing Rules Migration
In October 2022, a security vulnerability (CVE-2022-43488) was disclosed for the Advanced Dynamic Pricing for WooCommerce WordPress plugin, affecting versions up to 4.1.5.
CVE-2022-32587 - How a CSRF Vulnerability in CodeAndMore WP Page Widget Lets Attackers Change Plugin Settings
The WordPress ecosystem is full of plugins designed to make site management easier. But as new plugins are developed, sometimes serious vulnerabilities sneak through the