Security Vulnerabilities - CVEs Published In February 2023
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in navbar.php.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-02-06
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in index.php.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-02-06
Online Food Ordering System v2 was discovered to contain a SQL injection vulnerability via the id parameter at view_order.php.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-02-06
Raffle Draw System v1.0 was discovered to contain multiple SQL injection vulnerabilities at save_winner.php via the ticket_id and draw parameters.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-02-06
Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at delete_ticket.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-02-06
CRMEB 4.4.4 is vulnerable to Any File download.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-02-06
Softr v2.0 was discovered to contain a HTML injection vulnerability via the Work Space Name parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-02-06
An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
CVSS Score
7.5
EPSS Score
0.82
Published
2023-02-06
Western Digital My Cloud devices before OS5 have a nobody account with a blank password.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-02-06
Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-02-06