CVE-2022-26266 - SQL Injection in Piwigo v12.2 via pwg.users.php - Exploit Details and Analysis
Piwigo is a popular open-source photo gallery software used by thousands to manage and share their photos on the web. In early 2022, a serious
CVE-2022-26520 In pgjdbc before 42.3.3, an attacker can write to files through the loggerFile and loggerLevel properties.
In all cases, it is a best practice to configure all JDBC connections with the minimal properties required for the application and server to function.
CVE-2022-0839 In liquibase/liquibase prior to 4.8.0, the GitHub repository had an Improper Restriction of XML Entity Reference. This vulnerability, when exploited, could lead to information disclosure.
This issue affects any application that relies on Liquibase to automatically enforce data integrity rules on a repository’s code base. It may also affect
CVE-2022-0841 OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4.
This issue was discovered by Peter Teven. This is an XSS issue. You can inject arbitrary HTML code in the repository listing via lockfile. This
CVE-2022-0411 The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route, leading to a SQL injection.
when accessing the “Settings” page via a REST route of the plugin. The attacker can exploit this to execute arbitrary SQL commands and obtain access