CVE-2022-3126 The Frontend File Manager Plugin before 21.4 did not have a CSRF check, which could allow attackers to make logged-in users upload files on their behalf.
This issue has been fixed in version 2.6.10. Before installing this plugin, you should make sure your site does not use a file
CVE-2022-41586 The communication framework has a vulnerability of not properly truncating data. This may impact data confidentiality.
This vulnerability may lead to the disclosure of sensitive information, e.g. database log information.
It has been reported that the web interface of the
CVE-2022-41594 The phones have a fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
A local attacker may access and control the smart phone or read personal data from it.
Vulnerabilities Scoring System
The Vulnerabilities Scoring System (VSS) is
CVE-2022-42070 The BCSMS v1.0 is vulnerable to CSRF.
CSRF is a type of attack where an attacker tricks a website into executing unwanted actions on the user's behalf. This can be
CVE-2022-41535 The Open Source SACCO Management System v1.0 has a SQL injection vulnerability via the id parameter.
The code of this vulnerable management endpoint is as follows.
/sacco_shield/manage_borrower.php?id=1
The id parameter is used to assign an