Security Vulnerabilities - CVEs Published In April 2023
SmartPTT SCADA 1.1.0.0 allows remote code execution (when the attacker has administrator privileges) by writing a malicious C# script and executing it on the server (via server settings in the administrator control panel on port 8101, by default).
CVSS Score: 7.2 | EPSS Score: 0.085 | Published: 2023-04-14
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.
CVSS Score: 9.8 | EPSS Score: 0.015 | Published: 2023-04-14
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function.
CVSS Score: 9.8 | EPSS Score: 0.015 | Published: 2023-04-14
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.
CVSS Score: 9.8 | EPSS Score: 0.015 | Published: 2023-04-14
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function.
CVSS Score: 9.8 | EPSS Score: 0.015 | Published: 2023-04-14
WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the sys_smb_pwdmod function.
CVSS Score: 8.8 | EPSS Score: 0.502 | Published: 2023-04-14
WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the pro_stor_canceltrans_handler_part_19 function.
CVSS Score: 9.8 | EPSS Score: 0.011 | Published: 2023-04-14
AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2023-04-14
SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip EXIF data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2023-04-14
A vulnerability was found in DedeCMS up to 5.7.87 and classified as critical. This issue affects the function GetSystemFile of the file module_main.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225941 was assigned to this vulnerability.
CVSS Score: 6.3 | EPSS Score: 0.001 | Published: 2023-04-14

Shodan ® - All rights reserved