CVE-2022-43135 Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter.
Reportedly, a low severity issue where an attacker can create a new user with the ‘Create’ privilege via the username parameter at /admin/settings.
The
CVE-2022-43234 An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code.
This vulnerability can be exploited by uploading a specially crafted file to /attachments. An attacker can upload a PHP shell script or use another method
CVE-2022-4021 The Permalink Manager lite plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation in versions up to 2.2.20.1.
This occurs because the plugin does not perform nonce checking, which makes it possible for attackers to submit crafted requests and perform actions such as
CVE-2022-4022 The SVG Support plugin defaults to insecure settings. Files containing malicious JavaScript are not sanitized.
This can lead to session hijacking, stealing of data, or download of malicious code. Additionally, the use of untrusted sources on your site can lead
CVE-2022-45398 A CSRF vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.
CSRF is a type of hijacking where an attacker tricks another user into performing an action on the victim’s behalf by tricking the victim