CVE-2022-25517 - SQL Injection Vulnerability in MyBatis Plus v3.4.3 via AbstractWrapper.java Column Parameter
MyBatis Plus is a popular enhancement of the MyBatis framework, widely used in Java applications for simplifying database operations. In early 2022, researchers discovered a
CVE-2022-27228 - Exploiting Remote Code Execution in Bitrix Vote Module (Polls, Votes) Before 21..100
Bitrix Site Manager is a popular content management system, widely used for websites and business portals. Among its many modules is one called "Vote&
CVE-2022-24775 Guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing, which can be abused to inject untrusted values. The issue is patched.
Another major issue with pugnace/psr7 is the lack of rate limiting. An attacker could make a large number of requests with crafted headers that
CVE-2022-26266 - SQL Injection in Piwigo v12.2. via pwg.users.php – Exploit Details and Analysis
Piwigo is a popular open-source photo gallery software used by thousands to manage and share their photos on the web. In early 2022, a serious
CVE-2022-25581 - Understanding Classcms v2.5 Arbitrary File Upload – How A Malicious TXT File Can Compromise Your Site
In today’s digital age, website security remains a pressing challenge, especially for content management systems (CMS) deployed all over the web. In early 2022,