Security Vulnerabilities
CVEs Published In April 2023
- Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php.
- Employee Performance Evaluation System v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server.
- Yoga Class Registration System 1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at /admin/login.php.
- Online Pizza Ordering v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server.
- Purchase Order Management v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server.
- Atropim 1.5.26 is vulnerable to Directory Traversal.
- Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. This occurs when printing of a non-formatted line is concurrent with printing of a formatted line.
- ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
- Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14.
- The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.