Security Vulnerabilities - CVEs Published In February 2023
SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via the jo_set_mask() function in jocms/apps/mask/mask.php.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-02-03
SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via the jo_delete_mask function in jocms/apps/mask/mask.php.
CVSS Score
9.1
EPSS Score
0.001
Published
2023-02-03
SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via the jo_json_check function in jocms/apps/mask/inc/getmask.php.
CVSS Score
9.1
EPSS Score
0.001
Published
2023-02-03
Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-02-03
Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws in one-time token generation on the add administrator page.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-02-03
A cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under /front/person/profile.html.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-02-03
A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVSS Score
9.8
EPSS Score
0.016
Published
2023-02-03
A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVSS Score
9.8
EPSS Score
0.018
Published
2023-02-03
A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVSS Score
9.8
EPSS Score
0.018
Published
2023-02-03
A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVSS Score
9.8
EPSS Score
0.018
Published
2023-02-03



Shodan ® - All rights reserved