Security Vulnerabilities - CVEs Published In January 2025
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVSS Score
6.5
EPSS Score
0.003
Published
2025-01-17
WeGIA < 3.2.0 is vulnerable to SQL Injection in query_geracao_auto.php via the query parameter.
CVSS Score
9.8
EPSS Score
0.005
Published
2025-01-17
Clickjacking vulnerability in typecho v1.2.1.
CVSS Score
6.4
EPSS Score
0.001
Published
2025-01-17
A vulnerability classified as critical was found in 1000 Projects Attendance Tracking Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_action.php. The manipulation of the argument attendance_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-01-17
A vulnerability, which was classified as problematic, has been found in code-projects Car Rental Management System 1.0. This issue affects some unknown processing of the file /admin/manage-pages.php. The manipulation of the argument pgdetails leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
5.1
EPSS Score
0.001
Published
2025-01-17
Wegia < 3.2.0 is vulnerable to Cross Site Scripting (XSS) in /geral/documentos_funcionario.php via the id parameter.
CVSS Score
8.1
EPSS Score
0.007
Published
2025-01-17
WeGIA < 3.2.0 is vulnerable to SQL Injection in /funcionario/remuneracao.php via the id_funcionario parameter.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-01-17
WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php. The application does not validate the value of the old password, so it is possible to change the password by placing any value in the senha_antiga field.
CVSS Score
9.8
EPSS Score
0.006
Published
2025-01-17
A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Code/loginnew.php. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.9
EPSS Score
0.001
Published
2025-01-17
A vulnerability classified as critical has been found in Codezips Gym Management System 1.0. This affects an unknown part of the file /dashboard/admin/edit_mem_submit.php. The manipulation of the argument uid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-01-17