CVE-2022-3489 The WP Hide plugin through 0.0.2 doesn't have authorisation and CSRF checks, which allows unauthenticated attackers to update the custom_wpadmin_slug settings.
resulting in arbitrary code execution.
This was fixed in version 0.0.3 by changing the update code to be a POST request, resulting in
CVE-2022-3869 - Code Injection Vulnerability in Froxlor (GitHub) Prior to .10.38.2 – Explained With Exploit Example
When managing web hosting, many sysadmins turn to open-source panels like Froxlor for their flexibility and control. But open-source means open to both innovation and
CVE-2022-3868 - Critical SQL Injection in SourceCodester Sanitization Management System
In late 2022, a serious vulnerability surfaced in the popular web application, SourceCodester Sanitization Management System. Tracked as CVE-2022-3868, this flaw allows remote attackers to
CVE-2022-43568 - Exploiting Reflected XSS in Splunk Enterprise Using JSON and output_mode=radio
Splunk Enterprise is a popular tool used by thousands of companies worldwide to search, analyze, and visualize data. But even widely used, respected software can
CVE-2021-39473 - Exploiting XSS in Saibamen HotelManager v1.2 — A Step-by-Step Guide
If you use or manage a website running Saibamen HotelManager v1.2, you need to know about CVE-2021-39473. This vulnerability makes it possible for an