Security Vulnerabilities - CVEs Published In September 2023
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pensopay WooCommerce PensoPay plugin <= 6.3.1 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-09-29
Hospital Management System thru commit 4770d was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php.
CVSS Score
9.1
EPSS Score
0.001
Published
2023-09-29
A Stored Cross Site Scripting (XSS) vulnerability was found in SourceCodester Task Management System 1.0. It allows attackers to execute arbitrary code via parameter field in index.php?page=project_list.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-09-29
A vulnerability classified as critical has been found in OpenRapid RapidCMS 1.3.1. This affects an unknown part of the file /resource/addgood.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240867.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-09-29
A vulnerability classified as problematic was found in ForU CMS. This vulnerability affects unknown code of the file /admin/cms_admin.php. The manipulation of the argument del leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-240868.
CVSS Score
2.7
EPSS Score
0.0
Published
2023-09-29
A vulnerability, which was classified as critical, has been found in SourceCodester Simple Membership System 1.0. This issue affects some unknown processing of the file group_validator.php. The manipulation of the argument club_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240869 was assigned to this vulnerability.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-09-29
A vulnerability, which was classified as critical, was found in Tongda OA 2017. Affected is an unknown function of the file general/hr/manage/staff_title_evaluation/delete.php. The manipulation of the argument EVALUATION_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240870 is the identifier assigned to this vulnerability.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-09-29
A remote unauthorized attacker may connect to the SIM1012, interact with the device and
change configuration settings. The adversary may also reset the SIM and in the worst case upload a
new firmware version to the device.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-09-29
A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. It has been rated as problematic. Affected by this issue is the function handleFileRequest of the file src/main/java/com/feihong/ldap/HTTPServer.java. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. VDB-240866 is the identifier assigned to this vulnerability.
CVSS Score
3.5
EPSS Score
0.0
Published
2023-09-29
Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots.
CVSS Score
3.8
EPSS Score
0.0
Published
2023-09-29