Security Vulnerabilities - CVEs Published In February 2022
Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in language_general.class.php via doModifyParameter.
CVSS Score: 9.8
EPSS Score: 0.005
Published: 2022-02-14
S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2022-02-14
DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter.
CVSS Score: 9.8
EPSS Score: 0.102
Published: 2022-02-14
PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarray parameter.
CVSS Score: 9.8
EPSS Score: 0.101
Published: 2022-02-14
An issue in the getType function of BBS Forum v5.3 and below allows attackers to upload arbitrary files.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2022-02-14
A cross-site scripting (XSS) vulnerability in Pybbs v6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Search box.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2022-02-14
K-Box is a web-based application to manage documents, images, videos and geodata. Prior to version 0.33.1, a stored cross-site scripting (XSS) vulnerability is present in the markdown editor used by the document abstract and markdown file preview. A specially crafted anchor link can, if clicked, execute untrusted JavaScript actions, such as retrieving user cookies. Version 0.33.1 includes a patch that allows discarding unsafe links.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2022-02-14
svg-sanitizer is an SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the `svg-sanitizer` library prior to version 0.15.0. This issue is fixed in version 0.15.0. There is currently no workaround available.
CVSS Score: 6.2
EPSS Score: 0.001
Published: 2022-02-14
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in export_data.php via the d_name parameter.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2022-02-14
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in /mobile_seal/get_seal.php via the DEVICE_LIST parameter.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2022-02-14