Lucene search
+L

120 matches found

OSV
OSV
added 2022/06/28 7:56 p.m.8 views

GSD-2022-1003862 rtc: mt6397: check return value after calling platform_get_resource()

rtc: mt6397: check return value after calling platformgetresource This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.247 by commit...

7.2AI score
Exploits0
OSV
OSV
added 2022/06/28 7:49 p.m.7 views

GSD-2022-1003797 ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe

ASoC: mediatek: Fix error handling in mt8173max98090devprobe This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.198 by commit...

7.2AI score
Exploits0
OSV
OSV
added 2022/06/28 7:22 p.m.16 views

GSD-2022-1003532 driver core: fix deadlock in __device_attach

driver core: fix deadlock in deviceattach This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.122 by commit...

7.2AI score
Exploits0
OSV
OSV
added 2022/06/28 7:15 p.m.10 views

GSD-2022-1003438 ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe

ASoC: mediatek: Fix error handling in mt8173max98090devprobe This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.46 by commit...

7.2AI score
Exploits0
OSV
OSV
added 2022/06/28 6:20 p.m.11 views

GSD-2022-1002806 ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe

ASoC: mediatek: Fix error handling in mt8173max98090devprobe This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.3 by commit...

7.2AI score
Exploits0
CVE
CVE
added 2022/06/09 6:52 p.m.73 views

CVE-2022-30898

CVE-2022-30898 affects Cscms Music Portal System v4.2. A CSRF flaw in the admin flow (notably via /Cscms_4.2/upload/admin.php/sys/save) allows remote attackers to change the administrator’s username and password. Multiple sources (NVD, RH, PRION, CNNVD, CVE listing) confirm the issue; exploitatio...

6.5CVSS6.6AI score0.00544EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/06/09 6:52 p.m.21 views

CVE-2022-30898

A Cross-site request forgery CSRF vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password...

6.8AI score0.00544EPSS
Exploits1References1
NVD
NVD
added 2022/05/26 2:15 p.m.18 views

CVE-2022-29688

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy...

7.2CVSS0.00896EPSS
Exploits1References1
NVD
NVD
added 2022/05/26 2:15 p.m.17 views

CVE-2022-29681

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Links/del...

7.2CVSS0.00896EPSS
Exploits1References1
Prion
Prion
added 2022/05/26 2:15 p.m.21 views

Sql injection

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/lists/zhuan...

6.5CVSS8.9AI score0.00908EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/05/26 2:15 p.m.13 views

Sql injection

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/jsdel...

6.5CVSS7.2AI score0.00896EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/05/26 2:15 p.m.18 views

Sql injection

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del...

7.5CVSS9.7AI score0.1144EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/05/26 2:15 p.m.16 views

Sql injection

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via /admin.php/pic/admin/pic/hy. This vulnerability is exploited via restoring deleted photos...

6.5CVSS8.9AI score0.00908EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/05/26 2:15 p.m.19 views

Sql injection

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save...

6.5CVSS7.2AI score0.00793EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/05/26 2:15 p.m.16 views

Sql injection

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/news/save...

6.5CVSS7.2AI score0.00793EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/05/26 1:27 p.m.57 views

CVE-2022-29686

CVE-2022-29686 affects CSCMS Music Portal System v4.2 and is due to a blind SQL injection in the id parameter of the endpoint /admin.php/singer/admin/lists/zhuan. The connected sources consistently describe a SQLi vulnerability that can expose or alter data in the backend; no exploitation details...

7.2CVSS7.2AI score0.00896EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/05/26 1:27 p.m.55 views

CVE-2022-29685

CVE-2022-29685 affects CSCMS Music Portal System v4.2. The vulnerability is a blind SQL injection in the id parameter of /admin.php/User/level_sort, caused by lack of input validation. This can lead to unauthorized SQL execution and exposure of database data (confidentiality, integrity, and avail...

8.8CVSS8.9AI score0.00908EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/05/26 1:27 p.m.62 views

CVE-2022-29684

CVE-2022-29684 affects CSCMS Music Portal System v4.2. A blind SQL injection is reachable via the id parameter in /admin.php/Label/js_del (missing input validation). Documented impact is partial/high depending on metric, but no explicit exploit details or patches are provided in the supplied sour...

7.2CVSS7.2AI score0.00896EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/05/26 1:27 p.m.57 views

CVE-2022-29682

CVE-2022-29682 affects CSCMS Music Portal System v4.2. The vulnerability is a blind SQL injection reachable via the id parameter in the administrative endpoint: /admin.php/vod/admin/topic/del. Public advisories describe the issue as an SQL injection that allows potentially unauthorized SQL statem...

7.2CVSS7.2AI score0.00896EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/05/26 1:27 p.m.64 views

CVE-2022-29683

CVE-2022-29683 affects CSCMS Music Portal System v4.2, with a blind SQL injection vulnerability exposed through the id parameter at /admin.php/Label/page_del. The root cause, as described in multiple records, is missing validation of external input in the SQL statement used by that endpoint. CVSS...

7.2CVSS7.2AI score0.00896EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder