CVE-2022-27342
Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerability via DictRest.ResponseResult(). Date published : 2022-04-22 https://github.com/UDKI11/vul/blob/main/link-admin.docx
JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function. Date published : 2022-04-22 https://github.com/UDKI11/vul/blob/main/JFinalCMS-sqli-2.docx
MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data. Date published : 2022-04-22 https://github.com/UDKI11/vul/blob/main/Mcms%E8%B7%A8%E7%AB%99%E8%AF%B7%E6%B1%82%E4%BC%AA%E9%80%A0.docx https://github.com/ming-soft/MCMS
ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service. Date published :...
ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform Stored Cross-Site Scripting (XSS) attacks....
ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user...
Command Injection vulnerability in git-interface@2.1.1 in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a `--upload-pack` command-line argument feature of git is also supported for...
Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It’s the only payload I found working, you might need to press "tab" but there is...
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive information from...
SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of stealing the data. Date published : 2022-04-22 https://huntr.dev/bounties/cfba30b4-85fa-4499-9160-cd6e3119310e https://github.com/pimcore/pimcore/commit/523a735ab94f004459b84ffdfd3db784586bbd82
Out-of-bounds Read in mrb_obj_is_kind_of in GitHub repository mruby/mruby prior to 3.2. Impact: possible arbitrary code execution if exploited. Date published : 2022-04-22 https://huntr.dev/bounties/23b6f0a9-64f5-421e-a55f-b5b7a671f301 https://github.com/mruby/mruby/commit/a4d97934d51cb88954cc49161dc1d151f64afb6b
A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary...
A potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code....
A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash. Date published : 2022-04-22 https://support.lenovo.com/us/en/product_security/LEN-78116