Security Vulnerabilities - CVEs Published In June 2022
A SQL injection vulnerability exists in Simple Task Scheduling System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable "id" parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-06-06
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-06-06
Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check.
CVSS Score
8.1
EPSS Score
0.123
Published
2022-06-06
jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable.
CVSS Score
9.8
EPSS Score
0.021
Published
2022-06-06
Jodd HTTP v6.0.9 was discovered to contain multiple CRLF injection vulnerabilities via the components `jodd.http.HttpRequest#set` and `jodd.http.HttpRequest#send`. These vulnerabilities allow attackers to execute Server-Side Request Forgery (SSRF) via a crafted TCP payload.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-06-06
In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata[]" in `/?module=fileman&section=get&page=grid` leads to SQL injection.
CVSS Score
8.8
EPSS Score
0.014
Published
2022-06-06
LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS.
CVSS Score
6.1
EPSS Score
0.004
Published
2022-06-06
BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1 and 4.2, do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. Exploitation is possible only when the bttoken in the victim's session is active.
CVSS Score
4.4
EPSS Score
0.001
Published
2022-06-06
Due to improper error handling, an authenticated user can crash a CLA assistant instance. This could impact the availability of the application.
CVSS Score
6.5
EPSS Score
0.004
Published
2022-06-06
Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to information disclosure.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-06-06

