CVE-2022-40083 The Echo CMS v4.8.0 had an open redirect vulnerability in the Static Handler component.
SSRF is a type of attack where the attacker tricks the victim’s web application into executing a command on the server. The command can
CVE-2022-40353 The local file of the Tour & Travels Management System v1.0 was found to be vulnerable to SQL injection.
An attacker can exploit this vulnerability to inject arbitrary SQL queries into the application, causing the backend to crash.
An attacker can exploit this vulnerability
CVE-2022-3098 The Login Block IPs plugin through 1.0.0 doesn't have a CSRF check, which could allow attackers to make a logged-in admin change the plugin's settings.
Attackers could then access or modify the settings of the plugin, such as disabling the setting to require a password to log in or enable login
CVE-2021-24890 The Scripts Organizer plugin before 3.0 had no capability for CSRF checks or validation of user input, which could allow unauthenticated attacks.
which will be executed the next time the file is loaded by WordPress. This could allow for a wide range of attacks, including SQL injection,
CVE-2022-38553 Academy Learning Management System v5.9.1 had a reflected XSS vulnerability.
This could allow attackers to inject arbitrary web script into affected systems. Creation of a new system or installation of v5.9.1 or earlier