Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2023
CVE-2023-46356
In the module "CSV Feeds PRO" (csvfeeds) before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method `SearchApiCsv::getProducts()` has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-10-31
CVE-2023-47174
Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the specific context of Thorn SFTP gateway, this leads to remote code execution.
CVSS Score
9.8
EPSS Score
0.032
Published
2023-10-31
CVE-2015-20110
JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces the search space to a linear amount of guesses based on the token length times the possible characters.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-10-31
CVE-2023-46040
Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via the a crafted payload to the components.php function.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-10-31
CVE-2023-45899
An issue in the component SuperUserSetuserModuleFrontController:init() of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-10-31
CVE-2023-5867
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
CVSS Score
4.6
EPSS Score
0.001
Published
2023-10-31
CVE-2023-31794
MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-10-31
CVE-2023-5861
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0.
CVSS Score
6.4
EPSS Score
0.001
Published
2023-10-31
CVE-2023-5862
Missing Authorization in GitHub repository hamza417/inure prior to Build95.
CVSS Score
5.1
EPSS Score
0.0
Published
2023-10-31
CVE-2023-5863
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
CVSS Score
7.4
EPSS Score
0.085
Published
2023-10-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved