CVE-2020-12507 An attacker with access to monit tool 4.2 could access the database by injection.
s::can moni::tools 4.2+ now uses a secure database connection to avoid SQL injection and other security issues.
In s::can moni::tools
CVE-2022-3997 - Critical SQL Injection in MonikaBrzica SCM (`upis_u_bazu.php`) — Technical Deep Dive
In late 2022, a critical vulnerability surfaced in MonikaBrzica’s Supply Chain Management (SCM) solution, tracked as CVE-2022-3997 and also referenced as VDB-213698. This SQL
CVE-2022-3998 A critical vulnerability was found in Monika Brzica SCM. It is possible to inject SQL script to manipulate the id argument. This is a remote attack.
It is recommended to apply the patch as a priority. It is possible to protect the server from the attack by applying the security patch.
CVE-2022-40308 If anonymous read is enabled, it's possible to read the database file directly without logging in.
This is a serious security risk as the data in the database is not stored in a secured way. You should only enable this feature
CVE-2022-42122 - SQL Injection in Liferay Portal’s Friendly Url Module Explained
CVE-2022-42122 is a serious SQL injection vulnerability found in the Friendly Url module of Liferay Portal 7.3.7 and Liferay DXP (fix pack 2