Security Vulnerabilities - CVEs Published In September 2022
A SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameters such as "username", "password", etc.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2022-09-12

An issue in the Feature Navigator of Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to cause a Denial of Service (DoS) via a crafted image or video file.
CVSS Score: 7.1 | EPSS Score: 0.002 | Published: 2022-09-12

An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write arbitrary files to the directory \PromoPhoto\, regardless of file type or size.
CVSS Score: 7.1 | EPSS Score: 0.002 | Published: 2022-09-12

An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to download arbitrary files regardless of file type or size.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2022-09-12

Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple parameters such as "fullname".
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2022-09-12

A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameters such as "searchTxt".
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2022-09-12

Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 (for Movable Type 7 Series) and versions prior to 3.9.1 (for Movable Type 6 Series) allows a remote unauthenticated attacker to inject an arbitrary script.
CVSS Score: 6.1 | EPSS Score: 0.009 | Published: 2022-09-12

In Simple Online Book Store System 1.0, the Title, Author, and Description parameters in /admin_book.php are vulnerable to cross-site scripting (XSS).
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2022-09-12

In Library Management System 1.0, the id_no parameters in the /card/in-card.php file are vulnerable to SQL injection.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2022-09-12

SysAid Help Desk before 22.1.65 allows XSS, aka FR# 66542 and 65579.
CVSS Score: 6.1 | EPSS Score: 0.007 | Published: 2022-09-11

Shodan ® - All rights reserved