Security Vulnerabilities - CVEs Published In May 2022
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-05-24
ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simple_chat_bot/classes/Master.php?f=save_response.
CVSS Score
5.4
EPSS Score
0.003
Published
2022-05-24
Toll-tax-management-system v1.0 is vulnerable to Cross Site Scripting (XSS) via /ttms/classes/Master.php?f=save_recipient, vehicle_name.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-05-24
SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.009
Published
2022-05-24
SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-05-24
SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability.
CVSS Score
5.4
EPSS Score
0.003
Published
2022-05-24
Business Logic Errors in GitHub repository erudika/para prior to 1.45.11.
CVSS Score
9.0
EPSS Score
0.003
Published
2022-05-24
Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-05-24
Badminton Center Management System 1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_court_rental, id.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-05-24
Badminton Center Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /bcms/classes/Master.php?f=save_court_rental.
CVSS Score
5.4
EPSS Score
0.003
Published
2022-05-24