CVE-2022-42077 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to a CSRF attack via the SysToolReboot function.
Due to the lack of CSRF protection, an attacker can exploit this vulnerability to hijack an authenticated user's session by sending them a
CVE-2022-42078 The Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via the fromSysToolRestoreSet function.
A CSRF vulnerability allows an attacker to perform unauthorized actions on the targeted site, such as changing content or sending emails. By setting up an evil
CVE-2022-40664 Shiro before 1.10.0 has an authentication bypass vulnerability when forwarding or including via RequestDispatcher.
This allows for bypassing Authorization headers, and for attackers to gain unauthorized access to applications. A fix has been released for this issue: https://issues.
CVE-2022-41406 An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code.
This issue affects the v1.0 version of the CMS and can be exploited by uploading a malicious PHP file via the /admin/admin_pic.
CVE-2022-41530 The Open Source SACCO Management System v1.0 had a SQL injection vulnerability via the id parameter.
Additionally, the system also had configuration issues that allowed users to bypass authentication. The system did not have a valid CSRF protection mechanism, either. If