CVE-2022-42073 The lab management system is vulnerable to SQL injection via /diagnostic/editclient.php?id=.
This can lead to remote code execution and information leakage. Attackers can also inject malicious code via /diagnostic/editclient.php?id=.
CVE-2022-41443 The iPiram v1.5.0 had a header injection vulnerability in the /admin/subnets/ripe-query.php component.
A successful attack can cause the injection of malicious code into a web server's software or cause denial-of-service conditions for legitimate users. IPAM administrators
CVE-2022-3132 The Goolytics plugin before 1.1.2 has unsafe settings that allow attackers to perform CSRF attacks against users with high privileges.
If you use the unfiltered_html setting and are logged in as a user with high privileges, an attacker could inject malicious code into comments
CVE-2022-3124 The Frontend File Manager Plugin before 21.3 allows any unauthenticated user to rename uploaded files.
or outside of WordPress. A malicious user could rename a plugin file, for example, rename wp-config.php to wp-config-remote.php and access a different configuration.
CVE-2022-2839 The Zephyr Project Management WordPress plugin before 3.2.55 has no authorisation or CSRF checks, which makes it vulnerable to CSRF attacks and to unauthenticated users.
The latest released version 3.2.56 of the Zephyr Project Manager WordPress plugin is released with the fix to this issue.
Unauthenticated users can