Security Vulnerabilities - CVEs Published In June 2022
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/view_field.php?id=.
CVSS Score: 7.2 | EPSS Score: 0.003 | Published: 2022-06-14
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=inquiries/view_inquiry&id=.
CVSS Score: 7.2 | EPSS Score: 0.003 | Published: 2022-06-14
Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution.
CVSS Score: 9.8 | EPSS Score: 0.042 | Published: 2022-06-14
Depending on the configuration of the route permission table in the file 'saprouttab', an unauthenticated attacker can execute SAProuter administration commands from a remote client in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22 - for example stopping the SAProuter, which could severely impact system availability.
CVSS Score: 9.8 | EPSS Score: 0.025 | Published: 2022-06-14
SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22 - allow an authenticated user to misuse a function of the sapcontrol web functionality (startservice) in Kernel, which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information such as the system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2022-06-14
Tourism Management System V 3.2 is affected by Cross Site Request Forgery (CSRF).
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2022-06-14
ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php.
CVSS Score: 6.1 | EPSS Score: 0.023 | Published: 2022-06-14
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/patients/manage_patient.php?id=.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2022-06-14
An issue was discovered in Couchbase Server before 7.0.4. The Index Service does not enforce authentication for TCP/TLS servers.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2022-06-14
An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics.
CVSS Score: 9.1 | EPSS Score: 0.009 | Published: 2022-06-14

