Security Vulnerabilities - CVEs Published In March 2024
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.17 allows a remote attacker to obtain sensitive information via the `order` parameter of `GetMeshSyncResources`. Version 0.7.17 contains a patch for this issue.
CVSS Score: 7.5 | EPSS Score: 0.012 | Published: 2024-03-21
A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/contact-us.php. The manipulation of the argument email leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257606 is the identifier assigned to this vulnerability.
CVSS Score: 6.3 | EPSS Score: 0.001 | Published: 2024-03-21
A vulnerability classified as problematic has been found in Campcodes Online Marriage Registration System 1.0. This affects an unknown part of the file /user/search.php. The manipulation of the argument searchdata leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257607.
CVSS Score: 3.5 | EPSS Score: 0.002 | Published: 2024-03-21
A path traversal attack is possible, allowing writes outside of the intended directory and possible access to sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten.
CVSS Score: 8.1 | EPSS Score: 0.001 | Published: 2024-03-21
A SQL injection vulnerability exists in GetDIAE_astListParameters.
CVSS Score: 8.8 | EPSS Score: 0.012 | Published: 2024-03-21
Improper neutralization of input within the affected product could lead to cross-site scripting.
CVSS Score: 4.6 | EPSS Score: 0.001 | Published: 2024-03-21
It is possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.
CVSS Score: 8.1 | EPSS Score: 0.001 | Published: 2024-03-21
node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within a few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2024-03-21
A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in requests.
CVSS Score: 4.9 | EPSS Score: 0.003 | Published: 2024-03-21
A SQL injection vulnerability exists in GetDIAE_unListParameters.
CVSS Score: 8.8 | EPSS Score: 0.012 | Published: 2024-03-21



Shodan ® - All rights reserved