CVE-2022-31883 Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability.
Marval MSM v14.19.0.12476 has a Cross-Site Request Forgery (CSRF) vulnerability. A low-privilege user is able to change the settings of another
CVE-2022-31101 Blockwishlist adds a block containing customer's wishlists to affected versions of Prestashop, which is fixed in version 2.1.1. Users are advised to upgrade.
Prestashop versions 2.1.0 to 2.1.0.4, 2.0.15 to 2.0.15.4, 2.1.0 to 2.1.0.
CVE-2022-22980 The application is vulnerable to SpEL injection if the @Query or @Aggregation-annotated query methods are used with SpEL expressions that contain query parameter placeholders for value binding.
As a result, malicious users can craft a malicious query that will be executed against the database by a user with the appropriate permissions. This
CVE-2022-31626 With the pdo_mysql extension and the mysqlnd driver, if the third party allows connecting to the host, and the password is of excessive length, it can't be decrypted by the server.
It has been reported that the vulnerability exists in pdo_mysql extension with mysqlnd driver, which is currently being patched by most of the vendors.
CVE-2022-31625 Postgres database extension doesn't like invalid parameters in older versions of PHP. This can lead to memory being freed using uninitialized data as pointers.
Parameter sniffing is a security feature in most modern programming languages that prevents accidental access to uninitialized data by checking the type of each variable