Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2022
CVE-2022-39367
QTIWorks is a software suite for standards-based assessment delivery. Prior to version 1.0-beta15, the QTIWorks Engine allows users to upload QTI content packages as ZIP files. The ZIP handling code does not sufficiently check the paths of files contained within ZIP files, so can insert files into other locations in the filesystem if they are writable by the process running the QTIWorks Engine. In extreme cases, this could allow anonymous users to change files in arbitrary locations in the filesystem. In normal QTIWorks Engine deployments, the impact is somewhat reduced because the default QTIWorks configuration does not enable the public demo functionality, so ZIP files can only be uploaded by users with "instructor" privileges. This vulnerability is fixed in version 1.0-beta15. There are no database configuration changes required when upgrading to this version. No known workarounds for this issue exist.
CVSS Score
8.6
EPSS Score
0.001
Published
2022-10-28
CVE-2022-3697
A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-10-28
CVE-2021-38730
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-10-28
CVE-2021-38731
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-10-28
CVE-2021-38732
SEMCMS SHOP v 1.1 is vulnerable to SQL via Ant_Message.php.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-10-28
CVE-2021-38733
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_BlogCat.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-10-28
CVE-2022-37424
Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows File Discovery.
CVSS Score
6.5
EPSS Score
0.007
Published
2022-10-28
CVE-2021-36863
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-10-28
CVE-2021-38217
SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-10-28
CVE-2021-38728
SEMCMS SHOP v 1.1 is vulnerable to Cross Site Scripting (XSS) via Ant_M_Coup.php.
CVSS Score
6.1
EPSS Score
0.004
Published
2022-10-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved