Security Vulnerabilities - CVEs Published In March 2022
The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVSS Score
7.8
EPSS Score
0.003
Published
2022-03-20
DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java.
CVSS Score
9.8
EPSS Score
0.062
Published
2022-03-20
DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-03-20
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_load_string function, which itself does not prohibit external entities, triggering an XML external entity (XXE) injection vulnerability.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-03-20
Yafu v2.0 contains a segmentation fault via the component /factor/avx-ecm/vecarith52.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-03-20
A stored cross-site scripting (XSS) vulnerability in the component /admin/contenttemp of DoraCMS v2.1.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
4.8
EPSS Score
0.003
Published
2022-03-20
TMS v2.28.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /TMS/admin/setting/mail/createorupdate.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-03-20
TMS v2.28.0 contains an insecure permissions vulnerability via the component /TMS/admin/user/Update2. This vulnerability allows attackers to modify the administrator account and password.
CVSS Score
5.9
EPSS Score
0.001
Published
2022-03-20
A stored cross-site scripting (XSS) vulnerability in the Add a Button function of Eova v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the button name text box.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-03-20
Beijing Wisdom Vision Technology Industry Co., Ltd One Card Integrated Management System 3.0 is vulnerable to SQL Injection.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-03-20

