CVE-2022-22525 In Gavazzi UWP3.0 and CPY Car Park Server v2.8.3, an attacker with admin rights could execute arbitrary commands due to missing input sanitization.
when restoring backups of remote servers. The attacker could use this issue to install software on the affected system, view sensitive information, or take actions
CVE-2022-32170 The "Bytebase" application does not restrict low privilege user access to admin "projects" for which an unauthorized user can view the affected endpoint.
The vulnerability can be exploited by an unprivileged user and has been reported to the vendor and assigned with a severity rating of “High”. The
CVE-2022-39033 The acquisition function of the smart vision file has a vulnerability due to the lack of filtering of special characters in the URL parameter.
The function that handles file downloads on the Smart eVision OS is vulnerable. An attacker can exploit this to download and delete arbitrary files on
CVE-2022-40877 Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter.
The id parameter is usually used to select a specific record when creating a new post. If an attacker inputs ‘;’ or other malicious characters into
CVE-2022-40199 An attacker with administrative privileges can obtain the product's directory structure.
This can potentially lead to the disclosure of sensitive information, such as usernames and password hash values. An attacker can exploit this vulnerability to gain