CVE-2022-41403 The OpenCart 3.x Newsletter Custom Popup contains a SQL injection vulnerability.
An attacker can exploit this vulnerability to execute arbitrary SQL commands with the privileges of the application user. This can lead to the takeover of
CVE-2022-3464 An issue has been found in puppyCMS up to 5.1. The manipulation of the argument site_name leads to XSS.
What to do if your site is infected? You can follow these recommendations to protect your site and its users. End users should never input
CVE-2022-40664 Shiro before 1.10.0 has an authentication bypass vulnerability when forwarding or including via RequestDispatcher.
This allows for bypassing Authorization headers, and for attackers to gain unauthorized access to applications. A fix has been released for this issue: https://issues.
CVE-2022-41407 The App v1.0 had a SQL injection vulnerability via the id parameter.
A user with a low privilege level (e.g., guest) could potentially exploit this vulnerability and inject SQL code to gain higher privileges. A SQL
CVE-2022-40777 Interspire Email Marketer through 6.5.0 allows upload of arbitrary PHP files via a survey_submit.php operation, which can be accessed via /admin/temp/surveys/.
A remote attacker could leverage this vulnerability to upload arbitrary files and obtain access to the Interspire Email Marketer installation via directory traversal. Additionally, a