Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2022
CVE-2022-29977
There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.
CVSS Score
6.5
EPSS Score
0.006
Published
2022-05-11
CVE-2022-29978
There is a floating point exception error in sixel_encoder_do_resize, encoder.c:633 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-05-11
CVE-2022-28077
Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['s'] parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-05-11
CVE-2022-28078
Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['page'] parameter.
CVSS Score
6.1
EPSS Score
0.014
Published
2022-05-11
CVE-2022-29006
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication.
CVSS Score
9.8
EPSS Score
0.859
Published
2022-05-11
CVE-2022-29007
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows attackers to bypass authentication.
CVSS Score
9.8
EPSS Score
0.923
Published
2022-05-11
CVE-2022-29317
Simple Bus Ticket Booking System v1.0 was discovered to contain multiple SQL injection vulnerbilities via the username and password parameters at /assets/partials/_handleLogin.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-05-11
CVE-2022-29318
An arbitrary file upload vulnerability in the New Entry module of Car Rental Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVSS Score
7.2
EPSS Score
0.01
Published
2022-05-11
CVE-2022-29655
An arbitrary file upload vulnerability in the Upload Photos module of Wedding Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVSS Score
7.2
EPSS Score
0.01
Published
2022-05-11
CVE-2022-29656
Wedding Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Wedding-Management/package_detail.php.
CVSS Score
9.8
EPSS Score
0.006
Published
2022-05-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved