Security Vulnerabilities - CVEs Published In February 2023
Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2023-02-03
SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2023-02-03
Race condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary code via fileExt parameter to localhost/admin/uploads.php.
CVSS Score: 8.1 | EPSS Score: 0.003 | Published: 2023-02-03
Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjs_set_errorf.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2023-02-03
Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2023-02-03
Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-02-03
An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user field during installation.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2023-02-03
Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file.
CVSS Score: 5.4 | EPSS Score: 0.004 | Published: 2023-02-03
File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inc_lib/general.inc.php.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2023-02-03
SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_json_check() function in jocms/apps/mask/inc/mask.php.
CVSS Score: 9.1 | EPSS Score: 0.001 | Published: 2023-02-03

