Total
3006 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42040 | 1 Democritus | 1 D8s-algorithms | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. | |||||
| CVE-2022-42039 | 1 Democritus | 1 D8s-lists | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. | |||||
| CVE-2022-42038 | 1 Democritus | 1 D8s-ip-addresses | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | |||||
| CVE-2022-42037 | 1 Democritus | 1 D8s-asns | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | |||||
| CVE-2022-42036 | 1 Democritus | 1 D8s-urls | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | |||||
| CVE-2022-42034 | 1 Wedding Planner Project | 1 Wedding Planner | 2024-11-21 | N/A | 8.8 HIGH |
| Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php. | |||||
| CVE-2022-42029 | 1 Chamilo | 1 Chamilo | 2024-11-21 | N/A | 8.8 HIGH |
| Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory. | |||||
| CVE-2022-41711 | 1 Uatech | 1 Badaso | 2024-11-21 | N/A | 9.8 CRITICAL |
| Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. | |||||
| CVE-2022-41705 | 1 Uatech | 1 Badaso | 2024-11-21 | N/A | 9.8 CRITICAL |
| Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. | |||||
| CVE-2022-41681 | 1 Formalms | 1 Formalms | 2024-11-21 | N/A | 9.9 CRITICAL |
| There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lead to a remote code injection. | |||||
| CVE-2022-41539 | 1 Wedding Planner Project | 1 Wedding Planner | 2024-11-21 | N/A | 8.8 HIGH |
| Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/users_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-41538 | 1 Wedding Planner Project | 1 Wedding Planner | 2024-11-21 | N/A | 8.8 HIGH |
| Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photos_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-41537 | 1 Online Tours \& Travels Management System Project | 1 Online Tours \& Travels Management System | 2024-11-21 | N/A | 7.2 HIGH |
| Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /user_operations/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-41534 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2024-11-21 | N/A | 7.2 HIGH |
| Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/createOrder.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-41533 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2024-11-21 | N/A | 7.2 HIGH |
| Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-41512 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2024-11-21 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the component /php_action/editFile.php of Online Diagnostic Lab Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-41504 | 1 Billing System Project | 1 Billing System | 2024-11-21 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the component /php_action/editProductImage.php of Billing System Project v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-41437 | 1 Billing System Project Project | 1 Billing System Project | 2024-11-21 | N/A | 7.2 HIGH |
| Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/createProduct.php. | |||||
| CVE-2022-41406 | 1 Church Management System Project | 1 Church Management System | 2024-11-21 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-41387 | 1 Democritus | 1 D8s-pdfs | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. | |||||