DHIS 2 prior 2.32-EOS/2.33-EOS/2.34.7/2.35.7/2.36.4 API Endpoint trackedEntityInstances sql injection

A vulnerability was found in DHIS 2. It has been declared as critical. This vulnerability affects an unknown part of the file /api/trackedEntityInstances of the component API Endpoint. Upgrading to version 2.32-EOS, 2.33-EOS, 2.34.7, 2.35.7 or 2.36.4 eliminates this vulnerability. Applying the patch 16674ac75127b0e83691c6b1c9ce745e67ab58b6 is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-32405 : SOURCECODESTER PRISON MANAGEMENT SYSTEM 1.0 VIEW_PRISON.PHP ID SQL INJECTION

CVE-2022-32405 : SOURCECODESTER PRISON MANAGEMENT SYSTEM 1.0 VIEW_PRISON.PHP ID SQL INJECTION

Description Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/prisons/view_prison.php:4 References

CVE-2022-20651 : CISCO ADAPTIVE SECURITY DEVICE MANAGER LOG FILE

CVE-2022-20651 : CISCO ADAPTIVE SECURITY DEVICE MANAGER LOG FILE

Description A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker