Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2023
CVE-2023-42334
An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-09-20
CVE-2023-42335
Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component.
CVSS Score
8.8
EPSS Score
0.019
Published
2023-09-20
CVE-2023-43373
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php.
CVSS Score
9.8
EPSS Score
0.196
Published
2023-09-20
CVE-2023-43374
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.
CVSS Score
9.8
EPSS Score
0.196
Published
2023-09-20
CVE-2023-43375
Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-09-20
CVE-2023-43376
A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-09-20
CVE-2023-43377
A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-09-20
CVE-2023-39041
An information leak in KUKURUDELI Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-09-20
CVE-2023-40368
IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged user to obtain sensitive information from the administrative command line client. IBM X-Force ID: 263456.
CVSS Score
4.4
EPSS Score
0.0
Published
2023-09-20
CVE-2023-43371
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-09-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved