Security Vulnerabilities - CVEs Published In February 2022
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in pre-auth remote code execution.
CVSS Score
8.1
EPSS Score
0.25
Published
2022-02-01
iText v7.1.17, up to (exluding)": 7.1.18 and 7.2.2 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
CVSS Score
6.5
EPSS Score
0.007
Published
2022-02-01
iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
CVSS Score
6.5
EPSS Score
0.006
Published
2022-02-01
iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. NOTE: Vendor does not view this as a vulnerability and has not found it to be exploitable.
CVSS Score
6.5
EPSS Score
0.004
Published
2022-02-01
eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-02-01
An issue in /admin/delete_image.php of eliteCMS v1.0 allows attackers to delete arbitrary files.
CVSS Score
9.1
EPSS Score
0.005
Published
2022-02-01
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_page.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-02-01
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_post.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-02-01
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-02-01
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_user.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-02-01