Security Vulnerabilities - CVEs Published In September 2022
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2022-09-16
Garage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/php_action/editProductImage.php?id=1.
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2022-09-16
School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/event/index.php?view=edit&id=.
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2022-09-16
OASES (aka Open Aviation Strategic Engineering System) 8.8.0.2 allows attackers to execute arbitrary code via the Open Print Folder menu.
CVSS Score: 8.8 | EPSS Score: 0.015 | Published: 2022-09-16
HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session IDs.
CVSS Score: 3.7 | EPSS Score: 0.002 | Published: 2022-09-16
TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi.
CVSS Score: 9.8 | EPSS Score: 0.396 | Published: 2022-09-16
Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setMacFilterCfg.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2022-09-16
Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setIPv6Status.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2022-09-16
Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/SetNetControlList.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2022-09-16
School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/department/index.php?view=edit&id=.
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2022-09-16

