CVE-2022-23726 Previous versions of the PingCentral Ping API exposed Spring Boot actuator endpoints with administrative authentication that give away sensitive information.
The most common attack scenario is an outside party using a web-crawling tool to enumerate the exposed endpoints and then crafting a request
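What "exposed actuator endpoints" looks like in practice, as an added illustration that is not PingCentral's configuration and not from the advisory: a Spring Boot application.yml with the over-permissive setting beside a restricted one. Endpoint names, the port number and the profile layout are assumptions for the example; the property keys are standard Spring Boot ones.

```yaml
# Added example (hypothetical application.yml), not PingCentral's own configuration.

# --- Weak: every actuator endpoint published over HTTP on the application port.
# /actuator/env, /actuator/configprops, /actuator/heapdump and /actuator/mappings
# hand a caller configuration values, credentials that leak through the
# environment, and a full heap snapshot.
management:
  endpoints:
    web:
      exposure:
        include: "*"

---
# --- Hardened: actuator on a separate, internal-only port, and only the endpoints
# that monitoring actually needs. Everything else stays unexposed (it is still
# enabled in-process, just not reachable over the web).
management:
  server:
    port: 9090          # assumed internal port; firewall it off from the outside
  endpoints:
    web:
      exposure:
        include: "health,info"
  endpoint:
    health:
      show-details: when-authorized
```

The check a practitioner runs against a deployment is a GET on /actuator itself, which is a discovery endpoint that lists every exposed actuator path; if env, heapdump or configprops appear in that listing for an unauthenticated caller, the service has the problem described above. Restricting exposure should be paired with Spring Security rules on the /actuator/** path, which is Java code rather than configuration and is out of scope for this fragment.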
CVE-2022-33880 Projectworlds Hospital Management System Mini-Project through 2018-06-17 allows SQL injection via the type parameter.
This issue exists because the type parameter is not properly sanitized before it is placed into the SELECT statement. A remote attacker can leverage this
CVE-2022-35137 DGIOT 4.5.4 has multiple XSS vulnerabilities.
These issues could be exploited by attackers to conduct cross-site scripting attacks. A total of 14 XSS flaws were found in DGIOT Lightweight industrial
CVE-2022-40887 SourceCodester Best Student Result Management System 1.0 is vulnerable to SQL Injection.
The application passes input from the ‘Edit Test Result’ form into a SQL query without sanitization, so attackers can inject malicious SQL code and obtain access
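Both of the SQL injection entries above (the Hospital Management System type parameter and the Best Student Result Management System ‘Edit Test Result’ form) come down to the same defect: a request parameter spliced into a SELECT as text. The following is an added example, not code from either project, that shows the vulnerable pattern beside its parameterized replacement against a constructed in-memory SQLite table. The table, rows, function names and payload strings are all assumptions for the demonstration.

```python
import sqlite3

# Constructed sample data (not from either affected application): a small
# results table standing in for the lookup the vulnerable pages perform.
def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE results (id INTEGER, student TEXT, type TEXT, score INTEGER)"
    )
    con.executemany(
        "INSERT INTO results VALUES (?, ?, ?, ?)",
        [(1, "alice", "midterm", 81), (2, "bob", "midterm", 64), (3, "carol", "final", 92)],
    )
    return con


def lookup_vulnerable(con: sqlite3.Connection, type_param: str) -> list:
    # Vulnerable pattern: the request parameter is concatenated straight into the
    # SELECT, so quote characters in the input change the statement's structure.
    sql = "SELECT student, score FROM results WHERE type = '" + type_param + "'"
    return con.execute(sql).fetchall()


def lookup_safe(con: sqlite3.Connection, type_param: str) -> list:
    # Hardened pattern: the value is bound as a parameter and is never parsed as SQL,
    # whatever characters it contains.
    return con.execute(
        "SELECT student, score FROM results WHERE type = ?", (type_param,)
    ).fetchall()


# Hypothetical payloads, constructed for the example.
PAYLOAD_TAUTOLOGY = "x' OR '1'='1"                         # WHERE clause becomes always-true
PAYLOAD_UNION = "x' UNION SELECT name, sql FROM sqlite_master --"  # pull schema out via UNION


if __name__ == "__main__":
    con = make_db()
    print(lookup_vulnerable(con, "midterm"))            # intended use: two midterm rows
    print(lookup_vulnerable(con, PAYLOAD_TAUTOLOGY))    # every row in the table
    print(lookup_vulnerable(con, PAYLOAD_UNION))        # table name and CREATE statement
    print(lookup_safe(con, PAYLOAD_TAUTOLOGY))          # no rows: nothing is literally named that
```

The second payload is the step that turns "returns too many rows" into "obtains access to data": with the quote closed and the remainder commented out, UNION lets the attacker select from any table the database user can read, and sqlite_master (information_schema on MySQL) tells them what those tables are.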
CVE-2020-15334 The Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape sequence injection into the /var/log/axxmpp.log file.
Terminal escape sequences written into the log are interpreted when an administrator views the file in a terminal, which lets an attacker hide or forge log entries and, depending on the terminal, attack the viewer's session. Zyxel has released Zyxel CloudCNM SecuManager 3.1.1.
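The fix on the logging side is to neutralise control characters before any attacker-influenced value reaches the log file. The following is an added example, not Zyxel's code and not the axxmpp component: a small sanitiser that strips ANSI/VT escape sequences and escapes the remaining control bytes, run over two constructed values of the kind an XMPP peer could supply. The function names, the log format and the crafted inputs are assumptions for the demonstration.

```python
import re

# ESC-introduced sequences: CSI (ESC [ params intermediates final), OSC
# (ESC ] ... BEL or ESC \), and single-byte Fe escapes (ESC @ through ESC _).
ESC_SEQ = re.compile(
    r"\x1b(?:\[[0-?]*[ -/]*[@-~]|\][^\x07\x1b]*(?:\x07|\x1b\\)|[@-_])"
)
# Remaining C0 control bytes and DEL, except TAB and LF which are handled below.
CTRL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f]")


def sanitize_log_field(value: str) -> str:
    """Return value with escape sequences removed and control bytes made visible."""
    value = ESC_SEQ.sub("", value)
    # Line-structure characters are escaped rather than dropped so that an
    # injected "new line" stays inside the one entry and is visible on review.
    value = value.replace("\r", "\\r").replace("\n", "\\n").replace("\t", "\\t")
    # Anything else below 0x20 (including a stray ESC that did not form a
    # recognised sequence) becomes a \xNN escape.
    return CTRL.sub(lambda m: "\\x%02x" % ord(m.group(0)), value)


def log_line(event: str, user: str) -> str:
    # Hypothetical log format; the point is only that user-controlled data
    # passes through sanitize_log_field() before it is written.
    return f"{event} user={sanitize_log_field(user)}"


# Constructed attacker-supplied values (not captured from any real device).
# 1) ESC[2K erases the current terminal line and CR returns to column 0, so a
#    "login failed" entry viewed with cat/tail reads as a successful admin login.
CRAFTED_ERASE = "mallory\x1b[2K\rlogin ok user=admin"
# 2) A bare newline forges an entirely separate, official-looking entry.
CRAFTED_NEWLINE = "bob\nADMIN login ok user=root"
# 3) An OSC sequence that would retitle the viewer's terminal window.
CRAFTED_OSC = "eve\x1b]0;pwned\x07"


if __name__ == "__main__":
    print(log_line("login failed", CRAFTED_ERASE))
    print(log_line("login failed", CRAFTED_NEWLINE))
    print(log_line("login failed", CRAFTED_OSC))
```

Stripping rather than escaping the ESC sequences is a deliberate choice: the escaped form ("\x1b[2K") is still informative but noisy, while the CR/LF escapes are kept because a forged line break is exactly what a reviewer needs to notice. Either way, the file should never contain a raw 0x1b byte after this function has run.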