Security Vulnerabilities - CVEs Published In April 2024
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Admin/edit_profile.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259693 was assigned to this vulnerability.
CVSS Score
4.7
EPSS Score
0.001
Published
2024-04-08
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Employee/edit-profile.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259694 is the identifier assigned to this vulnerability.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-04-08
In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg.
CVSS Score
7.5
EPSS Score
0.104
Published
2024-04-08
In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).
CVSS Score
8.8
EPSS Score
0.0
Published
2024-04-08
TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in the setTelnetCfg function.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-04-08
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization.
CVSS Score
6.5
EPSS Score
0.0
Published
2024-04-08
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function.
CVSS Score
9.8
EPSS Score
0.034
Published
2024-04-08
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function.
CVSS Score
8.8
EPSS Score
0.008
Published
2024-04-08
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function.
CVSS Score
8.8
EPSS Score
0.015
Published
2024-04-08
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function.
CVSS Score
8.0
EPSS Score
0.015
Published
2024-04-08