Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2022
CVE-2022-29992
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/manage_category.php?id=.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-05-12
CVE-2022-29993
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/bookings/view_booking.php?id=.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-05-12
CVE-2022-29994
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=facilities/manage_facility&id=.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-05-12
CVE-2022-29995
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=clients/manage_client&id=.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-05-12
CVE-2022-30279
An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus traffic to cause a firmware crash.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-05-12
CVE-2022-29538
RESI Gemini-Net Web 4.2 is affected by Improper Access Control in authorization logic. An unauthenticated user is able to access some critical resources.
CVSS Score
5.3
EPSS Score
0.017
Published
2022-05-12
CVE-2022-29539
resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. Due to the lack of validation of user input, an unauthenticated attacker can bypass the syntax intended by the software (e.g., concatenate `&|;\r\ commands) and inject arbitrary system commands with the privileges of the application user.
CVSS Score
9.8
EPSS Score
0.022
Published
2022-05-12
CVE-2022-29747
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/manage_invoice&id= // Leak place ---> id.
CVSS Score
9.8
EPSS Score
0.005
Published
2022-05-12
CVE-2022-29748
Simple Client Management System 1.0 is vulnerable to SQL Injection via \cms\admin?page=client/manage_client&id=.
CVSS Score
9.8
EPSS Score
0.005
Published
2022-05-12
CVE-2022-30525
Known exploited
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.
CVSS Score
9.8
EPSS Score
0.944
Published
2022-05-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved