CVE-2022-43288 The v3.2.1 version of the Rukovoditel software contains a SQL injection vulnerability.
A user with the ability to create an account can inject arbitrary SQL commands that will be executed once the order_by function is called.
Rukovoditel
CVE-2022-3538 The Webmaster Tools Verification plugin through 1.2 doesn't have authorisation and CSRF checks, allowing unauthenticated users to disable arbitrary plugins.
This could potentially allow an attacker to disable arbitrary plugins, leading to plugin breakage and site deactivation. We are actively investigating this issue, and
CVE-2022-3973 A critical vulnerability has been found in Pingkon HMS-PHP Data Pump Metadata. The manipulation of the argument uname/pass leads to SQL injection.
The researcher of the problem discovered by the RedTeam Pentesting security group states that the injectable SQL code is as follows: Injectable SQL code: [Select]
CVE-2022-43672 In PAM360, Password Manager Pro, and Access Manager Plus, SQL Injection (CVE-2022-43671) was found in a different software component.
The affected components are Zoho ManageEngine Password Manager Pro, PAM360, and Access Manager Plus. If a user has this software installed on their system, an
CVE-2022-3956 - Critical SQL Injection in tsruban HHIMS 2.1 Patient Portrait Handler (VDB-213462) – What You Need to Know
---
Introduction
A dangerous flaw, tracked as CVE-2022-3956, was discovered in tsruban HHIMS 2.1, a healthcare management system. This vulnerability, marked as critical, centers