CVE-2022-42243 The Cold Storage Management System v1.0 is vulnerable to SQL injection.
This can be exploited to execute arbitrary SQL commands. It is common practice to sanitize application input to reduce the risk of SQL injection. However,
CVE-2022-42242 The Cold Storage Management System v1.0 is vulnerable to SQL injection.
When deleting a booking, the form allows users to enter any value they want into the ‘Booking ID’ field. An attacker can exploit this by
CVE-2022-42241 The system is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_message.
A user can inject any SQL command they want to delete all messages from the messaging system. The script was last updated on March 28,
CVE-2022-41853 Using Statement or PreparedStatement in hsqldb may be vulnerable to remote code execution.
This issue was previously fixed in hsqldb (HyperSQL DataBase) but a regression allowing untrusted inputs to be executed was reintroduced in 2.7.1.
The
CVE-2022-40160 JXPath is vulnerable to DoS attacks if the parser is running on user-supplied input.
There are two ways this can happen. The first is when input data is supplied that the parser doesn’t understand, such as an illegal