CVE-2022-42197 The User List function has improper access control that allows low-privileged users to modify user permissions.
This can be exploited by low-privileged attackers to modify the user permissions of high-privileged users.
Currently there is no access control in the
CVE-2022-43021 OpenCATS v0.9.6 had a SQL injection vulnerability via the entriesPerPage variable.
An attacker can exploit this to execute arbitrary SQL commands with the privileges of the user that installed the application. OpenCATS version 0.9.6
CVE-2022-43023 OpenCATS v0.9.6 had a SQL injection vulnerability in the Import viewerrors function.
An attacker can exploit this vulnerability to execute arbitrary SQL commands on the system, resulting in remote access and data theft. In OpenCATS v0.9.
CVE-2022-43022 OpenCATS v0.9.6 had a SQL injection vulnerability in the Tag deletion function.
A user with the “Supervisor” role could delete any tag that they did not intend to remove.
OpenCATS administrators were advised to upgrade the app
CVE-2022-43020 OpenCATS v0.9.6 had a SQL injection vulnerability in the Tag update function because of the tag_id variable.
This can be exploited to execute arbitrary SQL commands with the privileges of the user running the application or to delete, edit, or disable certain