CVE-2022-36689 The Stock Management System v1.0 had a SQL injection vulnerability in the month parameter.
Depending on the parameters used, hackers can manipulate the SQL query to dump data or create new databases. Another potential threat comes from insecure file
CVE-2022-32548 An issue was found on certain DrayTek Vigor routers before July 2022, such as the Vigor3910 4.3.1.1
An attacker can access or modify the aa or ab field to execute arbitrary code or cause a denial of service condition. When running the
CVE-2022-36572 Sinsiu Enterprise Website System v1.1.1.0 had an RCE vulnerability that was discovered via the /upload/admin.php?/deal/ component.
The component upload/admin.php?/deal/ allows users to upload files to the system. This can be leveraged to upload arbitrary code to the system.
CVE-2022-36706 The Stock Management System v1.0 had a SQL injection vulnerability.
It appears that the application had not enabled the id_ parameter, which allowed attackers to inject script code or SQL commands that were executed when
CVE-2022-36708 Library Management System v1.0 had an SQL injection vulnerability where the Id parameter was vulnerable.
A hacker can inject arbitrary SQL queries that will be executed if a user visits a maliciously crafted URL or if they try to edit
Episode
00:00:00
00:00:00