Security Vulnerabilities - CVEs Published In August 2023
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the page_id parameter at article_edit.php.
CVSS Score
7.2
EPSS Score
0.009
Published
2023-08-17
File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the employee_insert.php.
CVSS Score
7.2
EPSS Score
0.01
Published
2023-08-17
Cross Site Scripting vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the description parameter in insert.php.
CVSS Score
4.8
EPSS Score
0.002
Published
2023-08-17
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the ticket_id parameter at ticket_detail.php.
CVSS Score
7.2
EPSS Score
0.009
Published
2023-08-17
lrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3_decode_block src/libbz3.c.
CVSS Score
5.3
EPSS Score
0.0
Published
2023-08-17
A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-08-17
In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.
CVSS Score
9.8
EPSS Score
0.937
Published
2023-08-17
An issue in Atlos v.1.0 allows an authenticated attacker to execute arbitrary code via a crafted payload into the description field in the incident function.
CVSS Score
8.0
EPSS Score
0.001
Published
2023-08-17
SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-08-17
lrzip v0.651 was discovered to contain a heap overflow via the libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-08-17