CVE-2022-38286 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list.
To exploit this issue, an attacker would need to submit malicious input in the form of a SQL query in an attempt to execute system
CVE-2022-2528 It is possible to upload a package with insufficient permissions after re-indexing packages.
This can result in deployment failure.
This issue is fixed in version 5.1.
Octopus Deploy 5.0.7 - 5.0.8 Octopus Deploy
CVE-2022-38269 Activity Updates with SMS Notification v1.0 had a SQL injection vulnerability.
If the user has the “modify” permission, they can inject SQL commands. In certain cases, this could lead to remote code execution. An attacker must
CVE-2022-38265 The Apartment Visitor Management System v1.0 had a SQL injection vulnerability.
When editing an apartment, an attacker could inject arbitrary SQL commands into the parameter value to cause the system to crash, delete critical data, or
CVE-2022-38267 Activity updates with SMS notification v1.0 had a SQL injection vulnerability.
An attacker can exploit this flaw to access or edit any database record of the affected application and cause significant disruption to its operations. Depending