Security Vulnerabilities - CVEs Published In August 2022
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-08-26
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_account.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-08-26
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_student.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-08-26
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_payment.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-08-26
An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a stored XSS vulnerability via firstname, address, middlename, lastname , gender, email, contact parameters.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-08-26
There is an unauthorized access vulnerability in Online Diagnostic Lab Management System 1.0.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-08-26
An issue was discovered in Online Diagnostic Lab Management System 1.0, There is a SQL injection vulnerability via "dob" parameter in "/classes/Users.php?f=save_client"
CVSS Score
9.8
EPSS Score
0.001
Published
2022-08-26
D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via the User parameter or Pwd parameter to Login.asp.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-08-26
An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the getChartData administrative function. Using a low/no privilege Blue Prism user account, the attacker can alter the server's settings by abusing the getChartData method, allowing the Blue Prism server to execute any MSSQL stored procedure by name.
CVSS Score
8.1
EPSS Score
0.003
Published
2022-08-26
An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the UpdateOfflineHelpData administrative function. Abusing this function will allow any Blue Prism user to change the offline help URL to one of their choice, opening the possibility of spoofing the help page or executing a local file.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-08-26