Security Vulnerabilities - CVEs Published In March 2023
A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been classified as critical. This affects the function query of the file admin/categories/manage_category.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222873 was assigned to this vulnerability.
CVSS Score
6.3
EPSS Score
0.003
Published
2023-03-13
Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVSS Score
6.0
EPSS Score
0.002
Published
2023-03-13
A vulnerability was found in XHCMS 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php of the component POST Parameter Handler. The manipulation of the argument user leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222874 is the identifier assigned to this vulnerability.
CVSS Score
7.3
EPSS Score
0.004
Published
2023-03-13
A vulnerability was found in TG Soft Vir.IT eXplorer 9.4.86.0. It has been rated as problematic. This issue affects the function 0x82730088 in the library VIRAGTLT.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 9.5 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222875.
CVSS Score
5.0
EPSS Score
0.001
Published
2023-03-13
A vulnerability was found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ajax.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222872.
CVSS Score
7.3
EPSS Score
0.003
Published
2023-03-13
A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file category.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222871.
CVSS Score
6.3
EPSS Score
0.003
Published
2023-03-13
A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Affected is an unknown function of the component Add User Account. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222870 is the identifier assigned to this vulnerability.
CVSS Score
3.5
EPSS Score
0.003
Published
2023-03-13
In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items
CVSS Score
4.3
EPSS Score
0.003
Published
2023-03-13
In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items
CVSS Score
4.3
EPSS Score
0.002
Published
2023-03-13
SQL Injection in GitHub repository unilogies/bumsys prior to v2.0.2.
CVSS Score
7.2
EPSS Score
0.003
Published
2023-03-13