Security Vulnerabilities - CVEs Published In May 2022
Sourcecodester Simple Social Networking Site v1.0 is vulnerable to file deletion via /sns/classes/Master.php?f=delete_img.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-05-13
Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/members/view_member.php?id=.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-05-13
Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=posts/view_post&id=.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-05-13
Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=user/manage_user&id=.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-05-13
WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.
CVSS Score
6.1
EPSS Score
0.288
Published
2022-05-13
A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task.
CVSS Score
8.1
EPSS Score
0.022
Published
2022-05-13
NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi.
CVSS Score
9.8
EPSS Score
0.752
Published
2022-05-13
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo_type.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-05-13
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargo_types/view_cargo_type.php?id=.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-05-13
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-05-13