Security Vulnerabilities - CVEs Published In May 2022
Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php.
CVSS Score: 9.8, EPSS Score: 0.003, Published: 2022-05-25
An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVSS Score: 7.2, EPSS Score: 0.009, Published: 2022-05-25
go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0.
CVSS Score: 9.8, EPSS Score: 0.001, Published: 2022-05-25
In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. Through the injection of arbitrary SQL statements, a potential attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database. This is fixed in all recent versions, such as version 26.2.
CVSS Score: 9.8, EPSS Score: 0.003, Published: 2022-05-25
go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Fixed in 1.6.1 and 2.1.0.
CVSS Score: 8.6, EPSS Score: 0.008, Published: 2022-05-25
go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0.
CVSS Score: 8.6, EPSS Score: 0.003, Published: 2022-05-25
go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0.
CVSS Score: 8.6, EPSS Score: 0.003, Published: 2022-05-25
libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.
CVSS Score: 9.8, EPSS Score: 0.036, Published: 2022-05-25
radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser.
CVSS Score: 5.5, EPSS Score: 0.003, Published: 2022-05-25
SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0.
CVSS Score: 9.6, EPSS Score: 0.649, Published: 2022-05-25


Shodan ® - All rights reserved