CVE-2022-43288 The v3.2.1 version of the Rukovoditel software contains a SQL injection vulnerability.
A user with the ability to create an account can inject arbitrary SQL commands that will be executed once the order_by function is called.
CVE-2022-31630 Before versions 7.4.33, 8.0.25, and 8.2.12, the gd extension's imageloadfont() could be used to load a font that would be read outside the allocated buffer.
The vulnerable font file can be crafted with a font encoding such as Greek. An example of the vulnerability can be found in the function imageloadfont() in file
CVE-2022-3973 A critical vulnerability has been found in Pingkon HMS-PHP Data Pump Metadata. Manipulation of the argument uname/pass leads to SQL injection.
The researcher who discovered the problem, of the RedTeam Pentesting security group, states that the injectable SQL code is as follows:
CVE-2022-3972 An issue was found in Pingkon HMS-PHP. It is rated critical and affects the processing of admin/adminlogin.php. The argument uname/pass can be manipulated to cause SQL injection.
This issue was found in Pingkon PHP. It has been rated as moderate. It may be exploited by attackers to cause a denial of service. This vulnerability
CVE-2022-40750 - IBM WebSphere Application Server 8.5 and 9. Cross-Site Scripting Vulnerability – Deep Dive, Exploit Example, and Mitigation
---
Introduction
In today's world, web applications are at the heart of almost every business. But with popularity comes risk. IBM WebSphere Application