Security Vulnerabilities - CVEs Published In November 2022
super-xray is a web vulnerability scanning tool. Versions prior to 0.7 assumed trusted input for the program config which is stored in a yaml file. An attacker with local access to the file could exploit this and compromise the program. This issue has been addressed in commit `4d0d5966` and will be included in future releases. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS Score: 7.3 | EPSS Score: 0.002 | Published: 2022-11-25

Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/products/view_product.php.
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2022-11-25

Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/admin/products/manage_product.php.
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2022-11-25

Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/transactions/update_status.php.
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2022-11-25

Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access control.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2022-11-25

Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2022-11-25

Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter.
CVSS Score: 6.1 | EPSS Score: 0.008 | Published: 2022-11-25

Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.
CVSS Score: 9.8 | EPSS Score: 0.02 | Published: 2022-11-25

Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2022-11-25

Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/duplicate/check.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2022-11-25


Shodan ® - All rights reserved