CVE-2022-37123 D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to command injection via /goform/form2userconfig.cgi
An attacker can inject arbitrary commands into the application through the URL. For example, the following command can be injected into
CVE-2022-37130
After entering the above URL, you will see two links, one is goform/Diagnosis and another one is goform/Configuration, click on goform/Configuration and
CVE-2022-36203 Doctor's Appointment System 1.0 is vulnerable to cross-site scripting (XSS) via the admin panel
XSS can lead to hijacking of the admin panel and theft of cookies. Attackers can use the administrator credentials to take over the system, install
CVE-2022-36580 An arbitrary file upload vulnerability in the admin products controller of Online Ordering System v2.3.2 allows attackers to execute arbitrary code.
The component /admin/products/controller.php?action=modify allows users to modify already created products. The component /admin/products/controller.php?action=view allows users
CVE-2022-36581 An SQL injection vulnerability was found in the Ordering System v2.3.2 plugin's user_email parameter.
A user with administrator account privileges can inject arbitrary SQL queries that would lead to a potential escalation of privilege.
Another SQL injection