Security Vulnerabilities - CVEs Published In May 2022
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 223022.
CVSS Score
4.2
EPSS Score
0.003
Published
2022-05-12
HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename.
CVSS Score
6.1
EPSS Score
0.006
Published
2022-05-12
Tieba-Cloud-Sign v4.9 was discovered to contain a cross-site scripting (XSS) vulnerability via the function strip_tags.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-05-12
SolarView Compact ver.6.00 allows attackers to access sensitive files via directory traversal.
CVSS Score
7.5
EPSS Score
0.823
Published
2022-05-12
SolarView Compact ver.6.00 was discovered to contain a local file disclosure via /html/Solar_Ftp.php.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-05-12
CVE-2022-29303
SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2022-05-12
IonizeCMS v1.0.8.1 was discovered to contain a SQL injection vulnerability via the id_page parameter in application/models/article_model.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-05-12
IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function copy_lang_content in application/models/lang_model.php.
CVSS Score
9.8
EPSS Score
0.067
Published
2022-05-12
Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=transaction/send&id=, id.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-05-12
Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=user/manage_user&id=.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-05-12