CVE-2022-2657 The Multivendor Marketplace Solution for WooCommerce plugin before 3.8.12 had authorisation and CSRF issues, which could allow users to suspend vendors.
attacks on other users’ accounts, such as when a vendor suspends another vendor or when vendors call other vendors and alter their orders. These unauthenticated
CVE-2022-36609 The patient management system v1.0 had a SQL injection vulnerability via the id parameter.
An attacker can exploit the SQL injection flaw to execute arbitrary SQL commands with the privileges of the system user. In addition to the SQL
CVE-2021-29823 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
On March 12th, 2018 IBM released security patches for IBM Cognos Analytics 11.1.7, 11.2.0, 11.2.1, and 11.2.2
CVE-2022-36583 DedeCMS V5.7.97 has XSS vulnerabilities at /dede/co_do.php via dopost, rpok, and aid parameters.
A remote attacker could leverage these issues to execute arbitrary code in the context of the affected website.
An unauthenticated user could also access and
CVE-2022-36676 An SQL injection was found in the Task Scheduling System v1.0 via the id parameter.
This flaw could be exploited by injecting malicious code into the database or via cross-site request forgery (CSRF) if users’ input was hijacked. The id