Security Vulnerabilities - CVEs Published In June 2022
OS Command Injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file.
CVSS Score: 9.8 | EPSS Score: 0.102 | Published: 2022-06-02
OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions.
CVSS Score: 9.8 | EPSS Score: 0.147 | Published: 2022-06-02
OS Command Injection vulnerability in bbultman gitsome through 0.2.3 allows attackers to execute arbitrary commands via a crafted tag name of the target git repository.
CVSS Score: 8.8 | EPSS Score: 0.063 | Published: 2022-06-02
OS Command Injection vulnerability in allenhwkim proctree through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js allows attackers to execute arbitrary commands via the fix function.
CVSS Score: 9.8 | EPSS Score: 0.133 | Published: 2022-06-02
Google-it is a Node.js package that lets its users send search queries to Google and receive the results in JSON format. When the 'Open in browser' option is used in versions up to 1.6.2, google-it unsafely concatenates the result's link retrieved from Google into a shell command, potentially exposing the server to RCE.
CVSS Score: 8.1 | EPSS Score: 0.006 | Published: 2022-06-02
An issue was discovered in zzcms 2019. SQL Injection exists in /admin/dl_sendsms.php via the id parameter.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2022-06-02
An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing comma.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2022-06-02
An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_print.php via an id parameter value with a trailing comma.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2022-06-02
Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2022-06-02
A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. NOTE: the email templating service was removed after 2020. Additionally, the vendor disputes this issue, indicating that this is sandboxed and only executable by admins.
CVSS Score: 9.8 | EPSS Score: 0.035 | Published: 2022-06-02