4 matches found
CVE-2022-40842
CVE-2022-40842 affects ndk design NdkAdvancedCustomizationFields 3.5.0 and is a Server-Side Request Forgery (SSRF) issue exposed via rotateimg.php. The CVSS v3.1 base score is 9.1 (CRITICAL) with network attack vector, no user interaction, and no privileges required; impact is confidentiality and...
CVE-2022-40841
CVE-2022-40841 describes a cross-site scripting (XSS) vulnerability in NdkAdvancedCustomizationFields v3.5.0. The issue arises from crafting payloads injected into the htmlNodes parameter, allowing attackers to execute arbitrary web scripts or HTML in victims’ browsers. CVSS v3.1 base score is 6....
CVE-2022-40840
CVE-2022-40840 affects NdkAdvancedCustomizationFields 3.5.0 and is exposed to Cross-Site Scripting via the createPdf.php endpoint. The available connected documents indicate the issue is an XSS vulnerability; no exploit code or in-the-wild details are provided. Remediation information across sour...
CVE-2022-40839
CVE-2022-40839 is a SQL injection vulnerability in the height and width parameters of NdkAdvancedCustomizationFields v3.5.0. The issue allows unauthenticated remote attackers to exfiltrate database data. CVSSv3.1 base score 7.5 (HIGH) with Network attack vector, low attack complexity, no privileg...