Security Vulnerabilities - CVEs Published In September 2022
School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/modstudent/index.php?view=view&id=.
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2022-09-16
The controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via brute-force attacks.
CVSS Score: 9.8 | EPSS Score: 0.374 | Published: 2022-09-16
Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2022-09-16
In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard-coded password for root in /etc/shadow.sample.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2022-09-16
In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an arbitrary command execution vulnerability in cstecgi.cgi.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2022-09-16
TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow via cstecgi.cgi.
CVSS Score: 9.8 | EPSS Score: 0.124 | Published: 2022-09-16
ywoa v6.1 is vulnerable to SQL Injection via the backend/oa/visual/exportExcel.do interface.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2022-09-16
EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload, allowing attackers to upload a malicious file with any extension to the server. An attacker may then execute these files to run unintended code on the server and compromise it.
CVSS Score: 8.8 | EPSS Score: 0.005 | Published: 2022-09-16
CSV Injection in the Create Contacts feature in EspoCRM 7.1.8 allows remote authenticated users to run system commands by creating contacts whose fields carry payloads capable of executing system commands. An admin user exporting contacts to a CSV file may end up executing the malicious system commands on their own system.
CVSS Score: 8.0 | EPSS Score: 0.006 | Published: 2022-09-16
Cross Site Scripting in the Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in the victim's browser by sending a crafted CSV file containing malicious JavaScript to an authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious JavaScript in their browser.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2022-09-16
Shodan ® - All rights reserved