Security Vulnerabilities - CVEs Published In October 2021
A directory traversal vulnerability in the component system/manager/class/web/database.php was discovered in Baijiacms V4 which allows attackers to arbitrarily delete folders on the server via the "id" parameter.
CVSS Score
6.5
EPSS Score
0.004
Published
2021-10-29
DSpace is an open source turnkey repository application. In version 7.0, any community or collection administrator can escalate their permission up to become system administrator. This vulnerability only exists in 7.0 and does not impact 6.x or below. This issue is patched in version 7.1. As a workaround, users of 7.0 may temporarily disable the ability for community or collection administrators to manage permissions or workflows settings.
CVSS Score
7.2
EPSS Score
0.006
Published
2021-10-29
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters.
CVSS Score
9.8
EPSS Score
0.037
Published
2021-10-29
SQL Injection vulnerability exists in all versions of Yonyou TurboCRM via the orgcode parameter in changepswd.php. Attackers can use the vulnerability to obtain sensitive database information.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-10-29
An unauthorized access vulnerability exists in all versions of Portainer, which could let a malicious user obtain sensitive information. NOTE: Portainer has received no detail of this CVE report. There is also no response after multiple attempts of contacting the original source.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-10-29
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field.
CVSS Score
9.8
EPSS Score
0.068
Published
2021-10-29
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters.
CVSS Score
9.8
EPSS Score
0.008
Published
2021-10-29
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field.
CVSS Score
8.8
EPSS Score
0.103
Published
2021-10-29
libmysofa is vulnerable to Heap-based Buffer Overflow.
CVSS Score
6.2
EPSS Score
0.003
Published
2021-10-29
An SQL Injection vulnerability exists in Sourcecodester E-Negosyo System 1.0 via the user_email parameter in /admin/login.php.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-10-29


Shodan ® - All rights reserved