CVE-2022-2421 : SOCKET.IO JS LIBRARY ATTACHMENT PARSER SQL INJECTION

Description

Due to improper type validation in attachment parsing the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object.

References

https://csirt.divd.nl/cves/CVE-2022-2421

https://csirt.divd.nl/cases/DIVD-2022-00045

For More Information

MITRE

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2023-29632 : JMSPAGEBUILDER 3.X ON PRESTASHOP AJAX_JMSPAGEBUILDER.PHP SQL INJECTION

CVE-2023-29632 : JMSPAGEBUILDER 3.X ON PRESTASHOP AJAX_JMSPAGEBUILDER.PHP SQL INJECTION

Description PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php. References https://friends-of-presta.github.io/security-advisories/modules/2023/03/13/jmspagebuilder.html For More Information MITRE

CVE-2023-3065 : MOBATIME AMXGT100 UP TO 1.3.20 IMPROPER AUTHENTICATION

CVE-2023-3065 : MOBATIME AMXGT100 UP TO 1.3.20 IMPROPER AUTHENTICATION

Description Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows Authentication Bypass.This issue affects Mobatime mobile application AMXGT100 through 1.3.20.

CVE-2023-2781 : USER EMAIL VERIFICATION FOR WOOCOMMERCE PLUGIN UP TO 3.5.0 ON WORDPRESS IMPROPER AUTHENTICATION

CVE-2023-2781 : USER EMAIL VERIFICATION FOR WOOCOMMERCE PLUGIN UP TO 3.5.0 ON WORDPRESS IMPROPER AUTHENTICATION

Description The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticate_user_by_email in versions up