CVE-2022-3956 - Critical SQL Injection in tsruban HHIMS 2.1 Patient Portrait Handler (VDB-213462) – What You Need to Know
---
Introduction
A dangerous flaw, tracked as CVE-2022-3956, was discovered in tsruban HHIMS 2.1, a healthcare management system. This vulnerability, marked as critical, centers
CVE-2022-3955 - Critical SQL Injection in tholum crm42's Login – How It Works and How Attackers Exploit It
In late 2022, a critical security flaw was found in tholum crm42, a little-known customer relationship management (CRM) system. The flaw was officially cataloged as
CVE-2022-3949 - Exploiting XSS in Sourcecodester Simple Cashiering System via User Account Handler
In late 2022, a medium-severity vulnerability—classified as problematic—was discovered in the Sourcecodester Simple Cashiering System, an open-source PHP platform popular for small business
CVE-2022-35740 Semicolon in a URL can be used to bypass access control and get sensitive information.
Through a combination of the above-mentioned issues, it is possible to construct dotCMS URIs that access arbitrary files. In dotCMS 5.3.8.12, 21.
CVE-2022-43074 AyaCMS v3.1.2 had an arbitrary file upload vulnerability via the /admin/fst_upload.inc.php component.
An attacker can upload a PHP file via the component /admin/fst_upload.inc.php and then upload a file with a malicious code or