120 matches found
GSD-2022-1003862 rtc: mt6397: check return value after calling platform_get_resource()
rtc: mt6397: check return value after calling platformgetresource This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.247 by commit...
GSD-2022-1003797 ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
ASoC: mediatek: Fix error handling in mt8173max98090devprobe This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.198 by commit...
GSD-2022-1003532 driver core: fix deadlock in __device_attach
driver core: fix deadlock in deviceattach This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.122 by commit...
GSD-2022-1003438 ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
ASoC: mediatek: Fix error handling in mt8173max98090devprobe This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.46 by commit...
GSD-2022-1002806 ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
ASoC: mediatek: Fix error handling in mt8173max98090devprobe This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.3 by commit...
CVE-2022-30898
CVE-2022-30898 affects Cscms Music Portal System v4.2. A CSRF flaw in the admin flow (notably via /Cscms_4.2/upload/admin.php/sys/save) allows remote attackers to change the administrator’s username and password. Multiple sources (NVD, RH, PRION, CNNVD, CVE listing) confirm the issue; exploitatio...
CVE-2022-30898
A Cross-site request forgery CSRF vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password...
CVE-2022-29688
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy...
CVE-2022-29681
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Links/del...
Sql injection
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/lists/zhuan...
Sql injection
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/jsdel...
Sql injection
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del...
Sql injection
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via /admin.php/pic/admin/pic/hy. This vulnerability is exploited via restoring deleted photos...
Sql injection
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save...
Sql injection
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/news/save...
CVE-2022-29686
CVE-2022-29686 affects CSCMS Music Portal System v4.2 and is due to a blind SQL injection in the id parameter of the endpoint /admin.php/singer/admin/lists/zhuan. The connected sources consistently describe a SQLi vulnerability that can expose or alter data in the backend; no exploitation details...
CVE-2022-29685
CVE-2022-29685 affects CSCMS Music Portal System v4.2. The vulnerability is a blind SQL injection in the id parameter of /admin.php/User/level_sort, caused by lack of input validation. This can lead to unauthorized SQL execution and exposure of database data (confidentiality, integrity, and avail...
CVE-2022-29684
CVE-2022-29684 affects CSCMS Music Portal System v4.2. A blind SQL injection is reachable via the id parameter in /admin.php/Label/js_del (missing input validation). Documented impact is partial/high depending on metric, but no explicit exploit details or patches are provided in the supplied sour...
CVE-2022-29682
CVE-2022-29682 affects CSCMS Music Portal System v4.2. The vulnerability is a blind SQL injection reachable via the id parameter in the administrative endpoint: /admin.php/vod/admin/topic/del. Public advisories describe the issue as an SQL injection that allows potentially unauthorized SQL statem...
CVE-2022-29683
CVE-2022-29683 affects CSCMS Music Portal System v4.2, with a blind SQL injection vulnerability exposed through the id parameter at /admin.php/Label/page_del. The root cause, as described in multiple records, is missing validation of external input in the SQL statement used by that endpoint. CVSS...