CVE-2022-40664 Apache Shiro before 1.10.0 has an authentication bypass vulnerability when a request is forwarded or included via RequestDispatcher.
Shiro's filter chain, and with it the path-based authentication and authorization rules it enforces, could be skipped for the forwarded or included request, so an attacker could reach resources the filter chain was supposed to protect and gain unauthorized access to applications. A fix has been released for this issue: https://issues.
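To make the dispatcher point concrete, the following web.xml fragment is an added example (not from the page and not the Shiro project's own configuration) showing a filter mapping that only covers direct client requests beside one that also covers forwards and includes. The `/admin/report` path in the comment is an assumption used for illustration; the `<dispatcher>` element itself is standard Servlet specification syntax.

```xml
<!-- Added example, not the page's or the Shiro project's own code. -->
<filter>
  <filter-name>ShiroFilter</filter-name>
  <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>

<!-- Weak: with no <dispatcher> elements the container applies this mapping
     to REQUEST dispatches only. A servlet that calls
     request.getRequestDispatcher("/admin/report").forward(req, resp)
     (hypothetical path) re-enters the container on a FORWARD dispatch,
     which this mapping does not cover, so any /admin/** rule in
     Shiro's filter chain is never evaluated for that dispatch. -->
<filter-mapping>
  <filter-name>ShiroFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Hardened: list the dispatcher types explicitly so that forwarded,
     included and error-page dispatches pass through ShiroFilter too. -->
<filter-mapping>
  <filter-name>ShiroFilter</filter-name>
  <url-pattern>/*</url-pattern>
  <dispatcher>REQUEST</dispatcher>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>INCLUDE</dispatcher>
  <dispatcher>ERROR</dispatcher>
</filter-mapping>
```

Upgrading to 1.10.0 or later is the actual fix; declaring the dispatcher types is the version-independent check a reviewer should still look for, because the servlet container decides per dispatch type whether a filter runs at all, and a mapping that omits FORWARD and INCLUDE leaves any security filter, not only Shiro, out of the path for internal dispatches.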
CVE-2022-41530 The Open Source SACCO Management System v1.0 has a SQL injection vulnerability via the id parameter.
The system also has configuration issues that allow users to bypass authentication, and it lacks a working CSRF protection mechanism. If
CVE-2022-41406 An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code.
The issue affects v1.0 of the CMS and is exploited by uploading a malicious PHP file via the /admin/admin_pic.
CVE-2022-39800 SAP BusinessObjects BI LaunchPad is vulnerable to a script execution attack due to improper sanitization of user input.
SAP BusinessObjects BI LaunchPad, versions 420 and 430, is also exposed to cross-site request forgery (CSRF) due to a failure to properly validate the request parameters
CVE-2022-35297 SAP Enable Now does not encode user-controlled input before serving it to other users, resulting in a cross-site scripting (XSS) vulnerability.
SAP Enable Now is SAP's platform for authoring and delivering training content, documentation and in-application help. The application uses HTTP POST requests to transfer