34 matches found
EUVD-2022-39309
Malicious code in bioql PyPI...
AMSS++ 6.1 SQL Injection
Title: AMSS++ V6.1 SQL injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 115.0.264-bit |...
Path traversal
GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software...
GSD-2023-1001967 btrfs: qgroup: do not warn on record without old_roots populated
btrfs: qgroup: do not warn on record without old_roots populated. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.8 by commit...
GSD-2023-1001685 wifi: mac80211: fix initialization of rx->link and rx->link_sta
wifi: mac80211: fix initialization of rx->link and rx->link_sta. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.8 by commit...
GSD-2023-1001683 proc: fix PIE proc-empty-vm, proc-pid-vm tests
proc: fix PIE proc-empty-vm, proc-pid-vm tests. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.8 by commit...
CVE-2022-38808
ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface...
SQL injection
ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface...
CVE-2022-38808
ywoa v6.1 is affected by a SQL injection in the backend/oa/visual/exportExcel.do endpoint. The vulnerability is documented across NVD/Red Hat and other feeds, indicating an input handling flaw that allows SQL injection. Impact is described as High (C/H, I/H, A/H) with network attack vector, low p...
CVE-2022-36606
Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database...
CVE-2022-36605
Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderbyGET parameter...
SQL injection
Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderbyGET parameter...
CVE-2022-36606
CVE-2022-36606 affects Ywoa prior to v6.1 and is a SQL injection in the API endpoint /oa/setup/checkPool?database. The root cause is unparameterized input handling in the checkPool endpoint, enabling an attacker to perform unauthenticated remote SQL injection (high impact: C/H, I/H, A/H per NVD)....
CVE-2022-36605
CVE-2022-36605 concerns Yimioa v6.1, where a SQL injection vulnerability is exposed through the orderbyGET parameter. The vulnerability arises in user-controlled input that affects database queries, with the CVSS v3.1 base score of 9.8 (CRITICAL; Network attack vector, no user interaction require...
CVE-2022-29363
Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f function in login_control.php. This vulnerability allows attackers to getshell via writing arbitrary files...
Deserialization of untrusted data
Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f function in login_control.php. This vulnerability allows attackers to getshell via writing arbitrary files...
CVE-2022-29363
CVE-2022-29363 affects Phpok v6.1, where a deserialization vulnerability in login_control.php:update_f() allows an attacker to write arbitrary files, enabling shell access (getshell). The issue is documented with high/critical impact (C/P/I/A = high/partial/high/partial; CVSS 3.1 base score 9.8)....