CVE-2022-3992 - Cross-Site Scripting in SourceCodester Sanitization Management System (Banner Image Handler)
In this post, we’ll take a close look at CVE-2022-3992, a security vulnerability found in the SourceCodester Sanitization Management System, specifically affecting the Banner
CVE-2022-43288 The v3.2.1 version of the Rukovoditel software contains a SQL injection vulnerability.
A user with the ability to create an account can inject arbitrary SQL commands that will be executed once the order_by function is called.
Rukovoditel
CVE-2022-31630 Before 7.4.33, 8.0.25, and 8.2.12, the gd extension's imageloadfont() could be used to load a font that would be read outside the allocated buffer.
The vulnerable font file can be crafted with font encoding such as greek. An example vulnerability can be found in the function imageloadfont() in file
CVE-2022-3973 A critical vulnerability has been found in Pingkon HMS-PHP Data Pump Metadata. The manipulation of the argument uname/pass leads to SQL injection.
The researcher of the problem discovered by the RedTeam Pentesting security group states that the injectable SQL code is as follows: Injectable SQL code:
CVE-2022-3972 An issue was found in Pingkon HMS-PHP. It is critical and affects admin/adminlogin.php processing. The argument uname/pass can be manipulated to lead to SQL injection.
This issue was found in Pingkon PHP. It has been rated as moderate. It may be exploited by hackers to cause a denial-of-service. This vulnerability