CVE-2022-35156 The Bus Pass Management System 1.0 had a SQL Injection vulnerability via the searchdata parameter.
A user with access to this parameter could exploit this vulnerability to obtain sensitive information about the system, such as the name of a person
CVE-2021-36855 An XSS vulnerability in the Booking Ultra Pro plugin = 1.1.4 for WordPress that is caused by CSRF.
The PoC exploit code is - Injecting XSS via CSRF. Reflected XSS via CSRF vulnerability can lead to serious security vulnerabilities in WordPress. The WordPress
CVE-2022-31629 An older PHP version can set a cookie for later use which is treated as a '__Host-' or '__Secure-' cookie.
This can be exploited by malicious or compromised websites to facilitate a cross-site request forgery (CSRF) attack to take control of the affected website.
In
CVE-2022-40083 The Echo CMS v4.8.0 had an open redirect vulnerability in the Static Handler component.
SSRF is a type of attack where the attacker tricks the victim’s web application into executing a command on the server. The command can
CVE-2022-40353 The local file of the Tour & Travels Management System v1.0 was found to be vulnerable to SQL injection.
An attacker can exploit this vulnerability to inject arbitrary SQL queries into the application, causing the backend to crash.
An attacker can exploit this vulnerability