CVE-2022-36203 Doctor's Appointment System 1.0 is vulnerable to Cross-Site Scripting (XSS) via the admin panel
XSS can lead to hijacking of the admin panel and theft of cookies. The administrator credentials can be used by attackers to take over the system, install
CVE-2022-36580 An arbitrary file upload vulnerability in the admin products controller of Online Ordering System v2.3.2 allows attackers to execute arbitrary code.
The component /admin/products/controller.php?action=modify allows users to modify already created products. The component /admin/products/controller.php?action=view allows users
CVE-2022-36581 An SQL injection vulnerability was found in the Ordering System v2.3.2 plugin's user_email parameter.
A user with administrator account privileges can inject arbitrary SQL queries, potentially leading to an escalation of privilege.
Another SQL injection
CVE-2022-38812 AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter.
A remote attacker can leverage this flaw to execute arbitrary SQL commands in the application’s database.
The issue is present in the ‘author’ field
CVE-2022-1552 - PostgreSQL Flaw Lets Users Run Code as Superuser
PostgreSQL is known for its robustness and focus on security. But in 2022, researchers uncovered a serious flaw, CVE-2022-1552, that lets someone with certain permissions