Security Vulnerabilities - CVEs Published In September 2023
A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the victim’s browser into sending an attacker-controlled request from another domain, it is possible to reconfigure the Quay instance (including adding users with admin privileges).
CVSS Score
6.5
EPSS Score
0.001
Published
2023-09-15
Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion. This issue affects Saphira Connect: before 9.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-09-15
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saphira Saphira Connect allows Reflected XSS. This issue affects Saphira Connect: before 9.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-09-15
Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-09-15
Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-09-15
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Besttem Network Marketing Software allows SQL Injection. This issue affects Network Marketing Software: before 1.0.2309.6.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-09-15
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CF Software Oil Management Software allows SQL Injection. This issue affects Oil Management Software: before 20230912.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-09-15
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Connect allows SQL Injection. This issue affects Saphira Connect: before 9.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-09-15
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Innosa Probbys allows SQL Injection. This issue affects Probbys: before 2.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-09-15
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ncode Ncep allows SQL Injection. This issue affects Ncep: before 20230914.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-09-15


Shodan ® - All rights reserved