CVE-2022-30619 An In-Editorable SQL Query that can be used to send to the Server-Side of a particular API used in legacy Work Center module. Attack is available to any authenticated user, in any kind of rule.
The user can enter any SQL query in a SQL query box and press enter to send the query. The query can be of any
CVE-2022-28127 An API vulnerability in Robustel R1510 3.3.0 allows deletion of arbitrary files.
Robustel has acknowledged this issue and released version R1512.
Vulnerability – SQL Injection
A vulnerability was discovered in Robustel, which can allow attackers to access certain
CVE-2022-31883 Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability
Marval MSM v14.19.0.12476 has a Cross-Site Request Forgery (CSRF) Vulnerability. A low privilege user is able to change the settings of another
CVE-2022-31101 Blockwishlist adds a block containing customer's wishlists to affected versions of Prestashop, which is fixed in version 2.1.1. Users are advised to upgrade.
Prestashop versions 2.1.0 to 2.1.0.4, 2.0.15 to 2.0.15.4, 2.1.0 to 2.1.0.
CVE-2022-22980 The application is vulnerable to SpEL injection if the @Query or @Aggregation-annotated query methods are used with SpEL expressions that contain query parameter placeholders for value binding.
As a result, malicious users can craft a malicious query that will be executed against the database by a user with the appropriate permissions. This