CVE-2022-42070 The BCSMS v1.0 is vulnerable to CSRF.
CSRF is a type of attack where an attacker tricks a website into executing unwanted actions on the user's behalf. This can be
CVE-2022-41535 The Open Source SACCO Management System v1.0 has a SQL injection vulnerability via the id parameter.
The code of this vulnerable management endpoint is as follows.
/sacco_shield/manage_borrower.php?id=1
The id parameter is used to assign an
CVE-2022-42161 The COVR 1200, 1202, 1203 v1.08 was found to have a command injection vulnerability in the SetTriggerWPS/PIN parameter.
The command injection can be exploited by issuing a request to set a custom WPS pin. An attacker can exploit the command injection to change
CVE-2022-41482 The Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was found to have a buffer overflow.
An attacker can exploit this vulnerability by sending a specially crafted request to the 0x47c5dc function. It is advised to update Tenda AC1200 US_AC6V2.
CVE-2022-41489 - CSRF Vulnerability in WAYOS LQ_09 22.03.17V Usb_upload.htm Explained
Disclosure Date: October 2022
Vulnerability Type: Cross-Site Request Forgery (CSRF)
Affected Product: WAYOS LQ_09, Firmware Version 22.03.17V
Component: Usb_upload.htm
Introduction