CVE-2022-2297 - Critical Unrestricted File Upload Vulnerability in SourceCodester Clinics Patient Management System 2.
TL;DR:
A very serious security vulnerability, CVE-2022-2297, was found in the SourceCodester Clinics Patient Management System 2.. Through a flaw in the /pms/update_
CVE-2022-31580 The sanojtharindu/caretakerr repository through 2021-05-17 uses the Flask send_file function unsafely.
This function will try to access any path that it is passed, and as a result, it is possible for an attacker to craft a
CVE-2022-32994 An arbitrary file upload vulnerability was found in Halo CMS v1.5.3.
An attacker could leverage this vulnerability to execute code on the affected system or obtain sensitive information. The security risk of malicious file uploads is
CVE-2022-31090 - Sensitive Authorization Header Leak in Guzzle When Following Redirects—What You Should Know
If you use Guzzle, the popular PHP HTTP client, for making web requests, there's an important security vulnerability you need to know about—
CVE-2022-31626 With the pdo_mysql extension and the mysqlnd driver, if the third party allows connecting to the host, and the password is of excessive length, it can't be decrypted by the server.
It has been reported that the vulnerability exists in the pdo_mysql extension with the mysqlnd driver, which is currently being patched by most vendors.