CVE-2022-38272 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list.
An attacker can inject arbitrary SQL commands into the database by injecting a parameter into the URL. For example, an attacker can inject the following
CVE-2022-38283 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list.
By passing a certain parameter to the query, an attacker can execute arbitrary SQL code and obtain sensitive information. - Fixed in 5.1.1.
CVE-2022-38286 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list.
To exploit this issue, an attacker would need to submit malicious input in the form of a SQL query in an attempt to execute system
CVE-2022-2528 It is possible to upload a package with insufficient permissions after re-indexing packages.
This can result in deployment failure.
This issue is fixed in version 5.1.
Octopus Deploy 5.0.7 - 5.0.8 Octopus Deploy
CVE-2022-38269 Activity Updates with SMS Notification v1.0 had a SQL injection vulnerability.
If the user has the “modify” permission, they can inject SQL commands. In certain cases, this could lead to remote code execution. An attacker must