CVE-2022-40248 An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4.
An attacker can inject arbitrary HTML, script, or CSS into the "Product Affected" form field. This can lead to the disclosure of confidential
CVE-2022-3434 A vulnerability was found in SourceCodester Web-Based Student Clearance System. The function 'prepare' can be manipulated to cause cross-site scripting.
The researcher discovered that it is possible to execute arbitrary PHP code on the server. Stored application credentials may be accessed. The security issue has
CVE-2022-41379 An arbitrary file upload vulnerability in the component /leave_system/classes/Users.php?f=save of Online Leave Management System v1.0 allows attackers to execute arbitrary code.
This arbitrary code can be executed in a logged-in administrator user via a specially-crafted PHP file. This arbitrary code can be used to steal data,
CVE-2022-42074 GED Diagnostic Lab Management System v1.0 is vulnerable to SQL injection.
A hacker can inject a SQL query to change the content of the database and steal critical information or even take over the system. A
CVE-2022-41512 An arbitrary file upload vulnerability in the /php_action/editFile.php of Online Diagnostic Lab Management System v1.0 allows attackers to execute arbitrary code.
The component /php_action/editFile.php does not require any authentication, enabling unauthorized users to upload files and execute code. The component should be