CVE-2022-39297 MelisCms is a CMS for Melis Platform, including a templating system, drag-and-drop plugins, and SEO tools.
This restriction prevents attackers from deserializing user-controlled data and executing arbitrary PHP code on the system. Melis CMS is not enabled by default on new
CVE-2022-41350 ZCS 8.8.15 is vulnerable to Reflected XSS via the phone parameter of /h/search.
The /h/search?phone=&action=listen request can be used to exploit the following scenario: An attacker sends a victim a message with a
CVE-2022-41349 An attachUrl parameter in ZCS 8.8.15 is vulnerable to Reflected XSS.
The attached file must be uploaded through the administration interface. Consider the following example.
form action="http://[attacker's server]:8080/h/compose?
CVE-2022-42078 The Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
A CSRF vulnerability allows an attacker to perform unauthorized actions on the targeted site, such as changing content or sending emails. By setting up an evil
CVE-2022-41406 An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code.
This issue affects the v1.0 version of the CMS and can be exploited by uploading a malicious PHP file via the /admin/admin_pic.