Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2022
CVE-2022-27294
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanWizardSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-04-10
CVE-2022-27295
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formAdvanceSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-04-10
CVE-2022-27476
A cross-site scripting (XSS) vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-04-10
CVE-2022-27477
Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-04-10
CVE-2022-27958
Insecure permissions configured in the userid parameter at /user/getuserprofile of FEBS-Security v1.0 allows attackers to access and arbitrarily modify users' personal information.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-04-10
CVE-2022-27960
Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-04-10
CVE-2022-27961
A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-04-10
CVE-2022-27126
zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-04-10
CVE-2022-27127
zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/ajax.php.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-04-10
CVE-2022-27128
An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-04-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved