Security Vulnerabilities - CVEs Published In January 2022
Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footer_info.
CVSS Score: 4.8 | EPSS Score: 0.003 | Published: 2022-01-31
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter.
CVSS Score: 9.8 | EPSS Score: 0.02 | Published: 2022-01-31
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter.
CVSS Score: 7.5 | EPSS Score: 0.578 | Published: 2022-01-31
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter.
CVSS Score: 7.5 | EPSS Score: 0.554 | Published: 2022-01-31
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter.
CVSS Score: 7.5 | EPSS Score: 0.536 | Published: 2022-01-31
Flask-AppBuilder is an application development framework built on top of the Flask web framework. Affected versions contain a user enumeration vulnerability that allows an unauthenticated user to enumerate existing accounts by timing the server's response during login. Users are advised to upgrade to version 3.4.4 as soon as possible. There are no known workarounds for this issue.
CVSS Score: 5.3 | EPSS Score: 0.003 | Published: 2022-01-31
Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. These vulnerabilities can be exploited through a crafted POST request via the user_name, user_firstname, user_lastname, or user_email parameters.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2022-01-31
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserialize attacker-controlled data, leading to pre-auth remote code execution.
CVSS Score: 8.1 | EPSS Score: 0.206 | Published: 2022-01-31
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to pre-auth remote code execution.
CVSS Score: 8.1 | EPSS Score: 0.235 | Published: 2022-01-31
A cross-site scripting (XSS) vulnerability exists in Sourcecodester Stock Management System in PHP/OOP 1.0, which allows remote malicious users to achieve arbitrary remote code execution via the create user function.
CVSS Score: 4.8 | EPSS Score: 0.003 | Published: 2022-01-31