CVE-2022-42021 Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/notice-details.php?nid=
An attacker can inject malicious input into the nid parameter of notice-details.php to execute arbitrary SQL commands.
1.1.7 - Inadequate
CVE-2022-40084 OpenCRX v5.2.2 was vulnerable to password enumeration due to a difference in the messages received during a password reset. This could enable an attacker to determine whether a username, email or ID is valid.
The vulnerability here is that the transition of a new password would result in a different error code being stored in the database. Due to
CVE-2022-42197 The User List function has improper access control that allows low privileged users to modify user permissions.
This can be exploited by low privileged attackers to modify the user permissions of high privileged users.
Currently there is no access control in the
CVE-2022-43021 OpenCATS v0.9.6 had a SQL injection vulnerability via the entriesPerPage variable.
An attacker can exploit this to execute arbitrary SQL commands with the privileges of the user that installed the application. OpenCATS version 0.9.6
CVE-2022-43023 OpenCATS v0.9.6 had a SQL injection vulnerability in the Import viewerrors function.
An attacker can exploit this vulnerability to execute arbitrary SQL commands on the system, resulting in remote access and data theft. In OpenCATS v0.9.