A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault.

**Prerequisites**

*   \[Y \] I have written a descriptive issue title
*   \[Y\] I have verified that I am using the latest version of ImageMagick
*   \[Y\] I have searched open and closed issues to ensure it has not already been reported.

**Description**

There is a segmentation fault caused by the NPD in function ReadSVGImage, svg.c:3621 in ImageMagick 7.0.10.  
ImageMagick does not check the nullity of the pointer returned from libxml2 and dereference it directly.  
This directly leads to program crashes and segmentation fault.

**Steps to Reproduce**

1, To ensure reproduce, I use up space in the /tmp folder as a low-level privilege user.  
For example, to facilitate the reproducation,

    fallocate -l size_of_the_tmp_folder /tmp/test.img
    

2, Run:

    magick convert poc ./test.ps
    

seg-svg3621.zip (unzip first)

Here is the trace reported by ASAN:

    ASAN:SIGSEGV
    =================================================================
    ==112350==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x0000009fec8c bp 0x62700001f900 sp 0x7ffd383e31c0 T0)
        #0 0x9fec8b in ReadSVGImage ../coders/svg.c:3621
        #1 0xc8ba0c in ReadImage ../MagickCore/constitute.c:553
        #2 0x8dfbc1 in ReadPESImage ../coders/pes.c:673
        #3 0xc8ba0c in ReadImage ../MagickCore/constitute.c:553
        #4 0xc8ecbc in ReadImages ../MagickCore/constitute.c:943
        #5 0x12bfaef in ConvertImageCommand ../MagickWand/convert.c:607
        #6 0x13fd865 in MagickCommandGenesis ../MagickWand/mogrify.c:191
        #7 0x43992d in MagickMain ../utilities/magick.c:149
        #8 0x7efd17fa982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
        #9 0x439168 in _start (/mnt/data/playground/ImageMagick/build-asan/utilities/magick+0x439168)
    
    AddressSanitizer can not provide additional info.
    SUMMARY: AddressSanitizer: SEGV ../coders/svg.c:3621 ReadSVGImage
    ==112350==ABORTING
    

**System Configuration**

    CFLAGS='-I/usr/include/libxml2 -I/usr/include/libpng12  -I/usr/include/openjpeg-2.1 -I/usr/include/freetype2 -I/usr/include/freetype2  -fopenmp -Wall -O0 -g -fsanitize=address  -mtune=broadwell -fexceptions -pthread -DMAGICKCORE_HDRI_ENABLE=1 -DMAGICKCORE_QUANTUM_DEPTH=16'
    

*   ImageMagick version:  
    Version: ImageMagick 7.0.10-31 Q16 x86\_64 2020-09-22 https://imagemagick.org  
    Copyright: © 1999-2020 ImageMagick Studio LLC  
    License: https://imagemagick.org/script/license.php  
    Features: Cipher DPC HDRI OpenMP(4.0)  
    Delegates (built-in): bzlib fontconfig freetype jng jp2 jpeg lzma png x xml zlib
    
*   Environment (Operating system, version and so on):  
    DISTRIB\_ID=Ubuntu  
    DISTRIB\_RELEASE=16.04  
    DISTRIB\_CODENAME=xenial  
    DISTRIB\_DESCRIPTION="Ubuntu 16.04.6 LTS"
    
*   Additional information:
    

Here is the link for the function xmlCreatePushParserCtxt in libxml2,  
which indicates the return value can be NULL if fails.  
https://gitlab.gnome.org/GNOME/libxml2/-/blob/master/parser.c#L12375

CVE-2021-3596: Null Pointer dereference caused by incomplete check of the return value from libxml2 in ReadSVGImage svg.c:3621 · Issue #2624 · ImageMagick/ImageMagick

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.

*   Products
    *   Openwall GNU/\*/Linux   _server OS_
    *   Linux Kernel Runtime Guard
    *   John the Ripper   _password cracker_
        *   Free & Open Source for any platform
        *   in the cloud
        *   Pro for Linux
        *   Pro for macOS
    *   Wordlists   _for password cracking_
    *   passwdqc   _policy enforcement_
        *   Free & Open Source for Unix
        *   Pro for Windows (Active Directory)
    *   yescrypt   _KDF & password hashing_
    *   yespower   _Proof-of-Work (PoW)_
    *   crypt\_blowfish   _password hashing_
    *   phpass   _ditto in PHP_
    *   tcb   _better password shadowing_
    *   Pluggable Authentication Modules
    *   scanlogd   _port scan detector_
    *   popa3d   _tiny POP3 daemon_
    *   blists   _web interface to mailing lists_
    *   msulogin   _single user mode login_
    *   php\_mt\_seed   _mt\_rand() cracker_
*   Services
*   Publications
    *   Articles
    *   Presentations
*   Resources
    *   Mailing lists
    *   Community wiki
    *   Source code repositories (GitHub)
    *   Source code repositories (CVSweb)
    *   File archive & mirrors
    *   How to verify digital signatures
    *   OVE IDs
*   What's new

CVE-2022-24407: security - Fwd: Cyrus-SASL 2.1.28 released [fixes CVE-2022-24407 & CVE-2019-19906]

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass `cms.safe_mode` / `cms.enableSafeMode` in order to execute arbitrary code. This issue only affects admin panels that rely on safe mode and restricted permissions. To exploit this vulnerability, an attacker must first have access to the backend area. The issue has been patched in Build 474 (v1.0.474) and v1.1.10. Users unable to upgrade should apply https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe to your installation manually.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2022-21705: Backport fix from 2.0 · octobercms/library@c393c5c

Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0.

@@ -456,6 +456,13 @@ migrate\_export\_import\_profiles('export'); migrate\_export\_import\_profiles('import'); } 
// Scripts for 16.0 $afterversionarray = explode('.', '15.0.9'); $beforeversionarray = explode('.', '16.0.9'); if (versioncompare($versiontoarray, $afterversionarray) >= 0 && versioncompare($versiontoarray, $beforeversionarray) <= 0) { migrate\_user\_photospath2(); } } 
 
@@ -4505,8 +4512,7 @@ function migrate\_user\_photospath() } // dol\_delete\_dir($origin.'/'.$file); } } else // it is a file { } else { // it is a file if (!dol\_is\_file($destin.'/'.$file)) { //print $origin.'/'.$file.' -> '.$destin.'/'.$file.' '."\\n"; print '.'; @@ -4524,6 +4530,94 @@ function migrate\_user\_photospath() print '</td></tr>'; } 
/\*\* \* Migrate file from old path users/99/file.jpg into users/99/photos/file.jpg \* \* @return void \*/ function migrate\_user\_photospath2() { global $conf, $db, $langs, $user; 
print '<tr><td colspan="4">'; 
print ''.$langs\->trans('MigrationUserPhotoPath')." \\n"; 
include\_once DOL\_DOCUMENT\_ROOT.'/user/class/user.class.php'; $fuser = new User($db); 
if (!is\_object($user)) { $user = $fuser; // To avoid error during migration } 
$sql = "SELECT rowid as uid from ".MAIN\_DB\_PREFIX."user"; // Get list of all users $resql = $db\->query($sql); if ($resql) { while ($obj = $db\->fetch\_object($resql)) { $fuser\->fetch($obj\->uid); //echo '<hr>'.$fuser->id.' -> '.$fuser->entity; $entity = (empty($fuser\->entity) ? 1 : $fuser\->entity); if ($entity > 1) { $dir = DOL\_DATA\_ROOT.'/'.$entity.'/users'; } else { $dir = $conf\->user\->multidir\_output\[$entity\]; // $conf->user->multidir\_output\[\] for each entity is construct by the multicompany module } 
if ($dir) { //print "Process user id ".$fuser->id." \\n"; $origin = $dir.'/'.$fuser\->id; $destin = $dir.'/'.$fuser\->id.'/photos'; 
$origin\_osencoded = dol\_osencode($origin); 
dol\_mkdir($destin); 
//echo '<hr>'.$origin.' -> '.$destin; if (dol\_is\_dir($origin)) { $handle = opendir($origin\_osencoded); if (is\_resource($handle)) { while (($file = readdir($handle)) !== false) { if ($file == '.' || $file == '..' || $file == 'photos') { continue; } if (!empty($fuser\->photo) && ($file != $fuser\->photo && $file != 'thumbs')) { continue; } 
if (dol\_is\_dir($origin.'/'.$file)) { // it is a dir (like 'thumbs') $thumbs = opendir($origin\_osencoded.'/'.$file); if (is\_resource($thumbs)) { dol\_mkdir($destin.'/'.$file); while (($thumb = readdir($thumbs)) !== false) { if (!dol\_is\_file($destin.'/'.$file.'/'.$thumb)) { if ($thumb == '.' || $thumb == '..') { continue; } 
//print $origin.'/'.$file.'/'.$thumb.' -> '.$destin.'/'.$file.'/'.$thumb.' '."\\n"; print '.'; dol\_copy($origin.'/'.$file.'/'.$thumb, $destin.'/'.$file.'/'.$thumb, 0, 0); } } // dol\_delete\_dir($origin.'/'.$file); } } else { // it is a file if (!dol\_is\_file($destin.'/'.$file)) { //print $origin.'/'.$file.' -> '.$destin.'/'.$file.' '."\\n"; print '.'; dol\_copy($origin.'/'.$file, $destin.'/'.$file, 0, 0); } } } } } } } } 
print '</td></tr>'; } 
 
/\* A faire egalement: Modif statut paye et fk\_facture des factures payes completement

CVE-2022-0731: FIX #hunterb812ea22-0c02-46fe-b89f-04519dfb1ebd · Dolibarr/dolibarr@209ab70

A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution.

* Products
 * Openwall GNU/\*/Linux   _server OS_
 * Linux Kernel Runtime Guard
 * John the Ripper   _password cracker_
 * Free & Open Source for any platform
 * in the cloud
 * Pro for Linux
 * Pro for macOS
 * Wordlists   _for password cracking_
 * passwdqc   _policy enforcement_
 * Free & Open Source for Unix
 * Pro for Windows (Active Directory)
 * yescrypt   _KDF & password hashing_
 * yespower   _Proof-of-Work (PoW)_
 * crypt\_blowfish   _password hashing_
 * phpass   _ditto in PHP_
 * tcb   _better password shadowing_
 * Pluggable Authentication Modules
 * scanlogd   _port scan detector_
 * popa3d   _tiny POP3 daemon_
 * blists   _web interface to mailing lists_
 * msulogin   _single user mode login_
 * php\_mt\_seed   _mt\_rand() cracker_
* Services
* Publications
 * Articles
 * Presentations
* Resources
 * Mailing lists
 * Community wiki
 * Source code repositories (GitHub)
 * Source code repositories (CVSweb)
 * File archive & mirrors
 * How to verify digital signatures
 * OVE IDs
* What's new

\[<prev\] \[next>\] \[day\] \[month\] \[year\] \[list\]

Date: Fri, 3 Dec 2021 12:24:32 +0100
From: Oswald Buddenhagen <oswald.buddenhagen@....de>
To: isync-devel@...ts.sourceforge.net
Cc: oss-security@...ts.openwall.com
Subject: CVE-2021-3657: multiple buffer overflows in isync/mbsync

description:

A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate
handling of extremely large (>=2GiB) IMAP literals, malicious or
compromised IMAP servers, and hypothetically even external email
senders, could cause several different buffer overflows, which could
conceivably be exploited for remote code execution.

mitigation:

upgrade to the freshly released v1.4.4 available from 
https://sourceforge.net/projects/isync/files/isync/ , or apply the 
matching attached patch. note that while a patch for v1.3.x is provided, 
no upstream release will be made any more.

details:

i'm not sure it's actually possible to pull off RCE with these. a
non-server attacker would be additionally impaired by message size
limitations and being unable to predict the exact size of the headers
stored in the box, so they would likely need an account on the same
liberally configured system, apart from knowing to target mbsync.

**View attachment "**CVE-2021-3657-buffer-overflows-on-big-1.4.patch**" of type "**text/x-diff**" (7190 bytes)**

**View attachment "**CVE-2021-3657-buffer-overflows-on-big-1.3.patch**" of type "**text/x-diff**" (5489 bytes)**

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.

CVE-2021-3657: security - CVE-2021-3657: multiple buffer overflows in isync/mbsync

An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled.

Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

*   Notifications
*   Fork 14

*   Code
*   Issues 67
*   Pull requests 2
*   Actions
*   Projects 3
*   Wiki
*   Security
*   Insights

**Commit**

Permalink

Browse files

Browse the repository at this point in the history

fix: \[security\] open endpoints should only be open when enabled

\- as reported by Dawid Czarnecki from Zigrin Security

*   Loading branch information

Showing **2 changed files** with **10 additions** and **2 deletions**.

*   *   IndividualsController.php
    *   OrganisationsController.php

6 changes: 5 additions & 1 deletion src/Controller/Open/IndividualsController.php

Expand Up

@@ -11,13 +11,17 @@

use Cake\\Http\\Exception\\MethodNotAllowedException;

use Cake\\Http\\Exception\\ForbiddenException;

use Cake\\Event\\EventInterface;

use Cake\\Core\\Configure;

  

class IndividualsController extends AppController

{

public function beforeFilter(EventInterface $event)

{

parent::beforeFilter($event);

$this\->Authentication\->allowUnauthenticated(\['index'\]);

$open = Configure::read('Cerebrate.open');

if (!empty($open) && in\_array('individuals', $open)) {

$this\->Authentication\->allowUnauthenticated(\['index'\]);

}

}

  

public function index()

Expand Down

6 changes: 5 additions & 1 deletion src/Controller/Open/OrganisationsController.php

Expand Up

@@ -10,13 +10,17 @@

use Cake\\Http\\Exception\\MethodNotAllowedException;

use Cake\\Http\\Exception\\ForbiddenException;

use Cake\\Event\\EventInterface;

use Cake\\Core\\Configure;

  

class OrganisationsController extends AppController

{

public function beforeFilter(EventInterface $event)

{

parent::beforeFilter($event);

$this\->Authentication\->allowUnauthenticated(\['index'\]);

$open = Configure::read('Cerebrate.open');

if (!empty($open) && in\_array('organisations', $open)) {

$this\->Authentication\->allowUnauthenticated(\['index'\]);

}

}

  

public function index()

Expand Down

**0 comments on commit a263234**

Please sign in to comment.

CVE-2022-25319: fix: [security] open endpoints should only be open when enabled · cerebrate-project/cerebrate@a263234

Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.

**hp-concentra-wrapper-portlet**

 Actions

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.

Severity

High

HP Reference

HPSBGN03762 Rev. 2

Release date

January 21, 2022

Last updated

January 25, 2022

Category

HP Support Assistant

Potential Security Impact

Privilege Escalation, Compromise of Integrity, Allowed Communication with Untrusted Clients, Unauthorized Modification of Files

**Relevant Common Vulnerabilities and Exposures (CVE) List**

PSR-2021-0077, CVE-2022-23453 (Ammarit Thongthua and Sitthinut Haruanpuach (Secure D Research team)), PSR-2021-0090, CVE-2022-23454 (Ammarit Thongthua and Chayanin Khawsanit (Secure D Research team)), PSR-2021-0091, CVE-2022-23455 (Ammarit Thongthua and Chayanin Khawsanit (Secure D Research team)), PSR-2021-0103, CVE-2022-23456 (Ammarit Thongthua, Chayanin Khawsanit, and Krischat Thataristorai (Secure D Research team)), PSR-2020-0083, CVE-2020-6917 (Jake Valletta and Rod Deichler, FireEye/Mandiant), CVE-2020-6918 (Jake Valletta and Rod Deichler, FireEye/Mandiant), CVE-2020-6919 (Jake Valletta and Rod Deichler, FireEye/Mandiant), CVE-2020-6920 (Jake Valletta and Rod Deichler, FireEye/Mandiant), CVE-2020-6921 (Jake Valletta and Rod Deichler, FireEye/Mandiant), CVE-2020-6922 (Jake Valletta and Rod Deichler, FireEye/Mandiant)

List of CVE IDs    

CVE ID

CVS 3.0

Severity

Vector

CVE-2022-23453

7.8

High

CVSS:3.1/ AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-23454

7.8

High

CVSS:3.1/ AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-23455

7.8

High

CVSS:3.1/ AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-23456

7.8

High

CVSS:3.1/ AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-6917

7.2

High

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

CVE-2020-6918

6.9

Medium

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

CVE-2020-6919

6.9

Medium

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

CVE-2020-6920

5.0

Medium

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

CVE-2020-6921

6.9

Medium

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

CVE-2020-6922

6.9

Medium

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

Learn more about CVSS 3.0 base metrics, which range from 0 to 10.

PSR-2021-0077, PSR-2021-0090, PSR-2021-0091, PSR-2021-0103, PSR-2020-0083

**Resolution**

HP strives to address all security issues with HP Support Assistant at best possible speed and makes the latest version available with the fixes. HP recommends customers to update to latest version of HP Support Assistant that includes fixes to above listed issues by turning on automatic updates within HP Support Assistant settings. If the system has HP Support Assistant 8x version, HP advises customers to upgrade to HP Support Assistant 9 version by going to **About** section and checking for updates. If the system has HP Support Assistant version 9, HP recommends keeping MS store updates turned on so that the application is always kept up to date.

Alternately customers can also get latest version at https://www.hp.com/go/hpsupportassistant.

HP recommends keeping your system up to date with the latest firmware and software.

Note:

This bulletin might be updated when new information and/or SoftPaqs are available. Sign up for HP Subscriptions to be notified and receive:

*   Product support eAlerts
    
*   Driver updates
    
*   Security Bulletin updates
    

**Supported software versions**

Versions earlier than 9.11 of HP Support Assistant.

**Revision history**

This document has been revised according to the information below.

List of versions   

Version

Description

Date

2

Relevant Common Vulnerabilities and Exposures (CVE) List text added.

January 25, 2022

1

Initial Release

January 22, 2022

**Additional information**

Follow these links for additional information.

Third-party security patches

Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support

For issues about implementing the recommendations of this Security Bulletin, visit http://www.hp.com/go/contacthp to learn about your HP support options.

Report

To report a potential security vulnerability with any HP supported product, send email to: hp-security-alert@hp.com.

Subscribe

To initiate a subscription to receive future HP Security Bulletin alerts via email, visit https://h41369.www4.hp.com/alerts-signup.php?lang=en&cc=US&jumpid=hpsc\_profile.

Security bulletin archive

To view released Security Bulletins, visit https://support.hp.com/security-bulletins.

It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.

Download HP’s security-alert PGP key

**Legal information**

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Security Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.

© Copyright 2022 HP Development Company, L.P.

HP Inc. (HP) shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. "HP Inc.," "HP" and the names of HP products referenced herein are trademarks of HP Inc. or its affiliates in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

CVE-2020-6922: Multiple vulnerabilities in HP Support Assistant

Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php.

CVE-2022-24226: CVE/CVE-2022-24226/CVE-2022-24226.pdf at main · Nguyen-Trung-Kien/CVE

Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function.

CVE-2021-46253 XSS v.0.12.7 store in archor cms 5.4 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46253 https://nvd.nist.gov/vuln/detail/CVE-2021-46253 CVE-2021-46458 Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=add\_post. This vulnerability can be exploited through a crafted POST request via the post\_title parameter. 7.5 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46458 https://nvd.nist.gov/vuln/detail/CVE-2021-46458 CVE-2021-46459 Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add\_user. These vulnerabilities can be exploited through a crafted POST request via the user\_name, user\_firstname,user\_lastname, or user\_email parameters. 7.5 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46459 https://nvd.nist.gov/vuln/detail/CVE-2021-46459 CVE-2021-46253 Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php. 7.5 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24226 https://nvd.nist.gov/vuln/detail/CVE-2022-24226 CVE-2022-24227 A cross-site scripting (XSS) vulnerability in BoltWire v7.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters. 6.1 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24227 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24227 CVE-2022-24585 A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24585 https://nvd.nist.gov/vuln/detail/CVE-2022-24585 CVE-2022-24586 A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24586 https://nvd.nist.gov/vuln/detail/CVE-2022-24586 CVE-2022-24587 A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24587 https://nvd.nist.gov/vuln/detail/CVE-2022-24587 CVE-2022-24588 Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24588 https://nvd.nist.gov/vuln/detail/CVE-2022-24588 CVE-2022-24589 Burden v3.0 was discovered to contain a stored cross-site scripting (XSS) in the Add Category function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the task parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24589 https://nvd.nist.gov/vuln/detail/CVE-2022-24589 CVE-2022-24590 A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24590 https://nvd.nist.gov/vuln/detail/CVE-2022-24590

CVE-2022-24588: GitHub - Nguyen-Trung-Kien/CVE: CVE Update

Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in /mobile_seal/get_seal.php via the DEVICE_LIST parameter.

Tag

#php