Security Vulnerabilities - CVEs Published In March 2022
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload.
CVSS Score: 9.8 | EPSS Score: 0.026 | Published: 2022-03-10
Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder" window accessible by triggering a "Repair" on the MSI package located in C:\Windows\Installer.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2022-03-10
ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of an affected installation of KeyMouse.
CVSS Score: 8.8 | EPSS Score: 0.108 | Published: 2022-03-10
Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function.php.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2022-03-10
Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates/template_manage.php, an attacker can write an arbitrary shell file.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2022-03-10
Luocms v2.0 is affected by SQL Injection in /admin/link/link_ok.php.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2022-03-10
Luocms v2.0 is affected by SQL Injection in /admin/news/sort_ok.php.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2022-03-10
Luocms v2.0 is affected by SQL Injection in /admin/news/news_ok.php.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2022-03-10
Luocms v2.0 is affected by SQL Injection in /admin/news/news_mod.php.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2022-03-10
Luocms v2.0 is affected by SQL Injection in /admin/news/sort_mod.php.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2022-03-10

