Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-3478 |
Description: A vulnerability classified as critical was found in IBOS OA 4.5.5. Affected by this vulnerability is the function actionEdit of the file ?r=dashboard/roleadmin/edit&op=member of the component Add User Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232759. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. In IBOS OA 4.5.5 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es die Funktion actionEdit der Datei ?r=dashboard/roleadmin/edit&op=member der Komponente Add User Handler. Durch Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (4.7) EPSS Score: 0.27%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-34648 |
Description: A Cross Site Scripting vulnerability in PHPgurukl User Registration Login and User Management System with admin panel v.1.0 allows a local attacker to execute arbitrary code via a crafted script to the signup.php.
CVSS: LOW (0.0) EPSS Score: 0.08%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-34599 |
|
|
CVE-2023-34598 |
|
|
CVE-2023-34487 |
Description: itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to SQL Injection. SQL injection points exist in the login password input box. This vulnerability can be exploited through time-based blind injection.
CVSS: LOW (0.0) EPSS Score: 0.21%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-34486 |
|
|
CVE-2023-3447 |
Description: The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for unauthenticated attackers to extract potentially sensitive information from the LDAP directory.
CVSS: HIGH (8.6) EPSS Score: 0.16%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-33466 |
Description: Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE).
CVSS: LOW (0.0) EPSS Score: 0.37%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-33411 |
Description: A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive information.
CVSS: LOW (0.0) EPSS Score: 0.21%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-33335 |
|