Security Vulnerabilities - CVEs Published In September 2022
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/department/list.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-09-09
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-09-09
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-09-09
A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-09-09
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-09-09
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list_approve.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-09-09
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-09-09
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/list.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-09-09
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotice/list.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-09-09
In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-09-09