CVE-2022-41480 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 has a buffer overflow in the 0x475dc function.
To exploit this vulnerability, an attacker would send a specially crafted HTTP request to the targeted Tenda WiFi device. An example of such a request
CVE-2022-40777 Interspire Email Marketer through 6.5.0 allows upload of arbitrary php files via a survey_submit.php operation, which can be accessed via /admin/temp/surveys/.
A remote attacker could leverage this vulnerability to upload arbitrary files and obtain access to the Interspire Email Marketer installation via directory traversal. Additionally, a
CVE-2022-3452 An issue was found in SourceCodester Book Store Management System 1.0. The file /category.php is affected.
It was discovered that the server is vulnerable to a SQL injection. The variable $category_name is accessible by anyone. An attacker can exploit this
CVE-2022-40825 B.C
An attacker can inject own SQL query to obtain sensitive information like database login credentials, etc. In the sample attack shown below, we can see
CVE-2022-32173 In v1.2.2 of Orchard Core, an authenticated user with an editor security role can inject a modal dialog component into the dashboard that will affect admin users.
This can be used to issue admin-level warnings or even perform actions as a logged in user. To exploit this issue, an attacker must trick
Episode
00:00:00
00:00:00