Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2023
ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting.
CVSS Score
5.3
EPSS Score
0.035
Published
2023-04-16
front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive information via a _log/ pathname in the file parameter.
CVSS Score
6.5
EPSS Score
0.046
Published
2023-04-16
The Activity plugin before 3.1.1 for GLPI allows reading local files via directory traversal in the front/cra.send.php file parameter.
CVSS Score
7.5
EPSS Score
0.012
Published
2023-04-16
The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.php file parameter.
CVSS Score
7.5
EPSS Score
0.067
Published
2023-04-16
The Cartography (aka positions) plugin before 6.0.1 for GLPI allows remote code execution via PHP code in the POST data to front/upload.php.
CVSS Score
9.8
EPSS Score
0.077
Published
2023-04-16
TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password TPL075526460603.
CVSS Score
7.5
EPSS Score
0.049
Published
2023-04-16
OX App Suite before 7.10.6-rev30 allows XSS via an upsell trigger.
CVSS Score
6.1
EPSS Score
0.006
Published
2023-04-16
cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE) issue via XML file upload, which leads to local file disclosure.
CVSS Score
7.5
EPSS Score
0.098
Published
2023-04-16
Linksys AX3200 1.1.00 is vulnerable to OS command injection by authenticated users via shell metacharacters to the diagnostics traceroute page.
CVSS Score
8.8
EPSS Score
0.107
Published
2023-04-16
On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, it is possible to trigger a Denial of Service via the sys_token parameter in a cgi-bin/webproc?getpage=html/index.html request.
CVSS Score
7.5
EPSS Score
0.08
Published
2023-04-16


Contact Us

Shodan ® - All rights reserved