CVE-2022-30816
elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php. Date published : 2022-05-31 https://github.com/k0xx11/bug_report/blob/main/elitecms-1.01/SQLi-6.md
elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar= Date published : 2022-05-31 https://github.com/k0xx11/bug_report/blob/main/elitecms-1.01/SQLi-4.md
Online Ordering System v1.0 by oretnom23 has SQL injection via store/orderpage.php. Date published : 2022-05-31 https://github.com/k0xx11/bug_report/blob/main/vendors/argie/online-ordering-system/SQLi-5.md
Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/viewreport.php. Date published : 2022-05-31 https://github.com/k0xx11/bug_report/blob/main/vendors/argie/online-ordering-system/SQLi-2.md
Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection via admin/vieworders.php. Date published : 2022-05-31 https://github.com/k0xx11/bug_report/blob/main/vendors/argie/online-ordering-system/SQLi-3.md
Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductimage.php. Date published : 2022-05-31 https://github.com/k0xx11/bug_report/blob/main/vendors/argie/online-ordering-system/SQLi-4.md
Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductetails.php. Date published : 2022-05-31 https://github.com/k0xx11/bug_report/blob/main/vendors/argie/online-ordering-system/SQLi-1.md
Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke...
An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file. Date published : 2022-05-31 https://github.com/Creatiwity/wityCMS/issues/161
LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters. Date published : 2022-05-31 https://github.com/librenms/librenms/pull/13932
LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php. Date published : 2022-05-31 https://github.com/librenms/librenms/commit/cc6112b8fb36039b862b42d86eb79ef7ee89d31b https://github.com/librenms/librenms/pull/13931
An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the...
CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal because the function ‘isFileOutsideDir’ fails to sanitize user input. Date published : 2022-05-31 https://github.com/whitesource/CureKit/commit/af35e870ed09411d2f1fae6db1b04598cd1a31b6 https://www.mend.io/vulnerability-database/CVE-2022-23082
IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 – V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through...