CVE-2022-41535 The Open Source SACCO Management System v1.0 has a SQL injection vulnerability via the id parameter.
The code of this vulnerable management endpoint is as follows.
/sacco_shield/manage_borrower.php?id=1 The id parameter is used to assign an
CVE-2022-41536 The Open Source SACCO Management System v1.0 had a SQL injection vulnerability where id was used as the parameter.
A hacker may inject arbitrary SQL queries that can compromise the integrity of the management system. In addition, the source code of the management system
CVE-2022-41539 Wedding Planner v1.0 had an arbitrary file upload vulnerability in the /admin/users_add.php component.
To exploit this issue, an attacker needs to upload a malicious PHP file to the server. After the file is uploaded, an attacker can request
CVE-2022-34022 Injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114.
CVE-2018-1493 An issue was discovered in certain Red Hat Enterprise Linux 6 and 7 virtual machines using IPython. Due to incorrect handling of the OR
CVE-2022-41390 OcoMon v4.0 was found to have a SQL injection vulnerability on download.php.
An attacker can exploit this to access and modify data across the installation. There are no mitigations for this issue.
An update to fix this