Security Vulnerabilities - CVEs Published In March 2022
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard-coded credentials. A hard-coded credential exists in /etc/tomcat8/tomcat-user.xml, which allows attackers to gain authorized access and completely control Tomcat through the Tomcat manager page on port 8000.
CVSS Score: 9.8, EPSS Score: 0.003, Published: 2022-03-21
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by incorrect access control. Lack of access control on the web manager pages allows any user to view and modify information.
CVSS Score: 9.1, EPSS Score: 0.002, Published: 2022-03-21
Remote command execution when uploading a repository file in GitHub repository gogs/gogs prior to 0.12.6.
CVSS Score: 9.9, EPSS Score: 0.793, Published: 2022-03-21
HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). A common XSS payload placed in a markdown file executes several times when the file is opened with the app.
CVSS Score: 6.1, EPSS Score: 0.002, Published: 2022-03-21
A specially crafted string in the OTRS system configuration can allow the execution of any system command.
CVSS Score: 6.4, EPSS Score: 0.009, Published: 2022-03-21
A malicious translator is able to inject JavaScript code into a few translatable strings (where HTML is allowed). The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions.
CVSS Score: 3.5, EPSS Score: 0.005, Published: 2022-03-21
Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled.
CVSS Score: 4.3, EPSS Score: 0.002, Published: 2022-03-21
ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the debugging mode.
CVSS Score: 7.5, EPSS Score: 0.44, Published: 2022-03-21
Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php.
CVSS Score: 9.8, EPSS Score: 0.002, Published: 2022-03-21
An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVSS Score: 7.8, EPSS Score: 0.003, Published: 2022-03-20