Latest vulnerabilities for Saturday, 26 August 2023


Last updated on 26/08/2023 at 23:58:02

(0) CRITICAL vulnerability(ies) [9.0, 10.0]

(1) HIGH vulnerability(ies) [7.0, 8.9]

Source: microsoft.com

Vulnerability ID: CVE-2023-36741

First published on: 26-08-2023 01:15:08
Last modified on: 26-08-2023 04:05:04

Description:
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE ID: CVE-2023-36741
Source: secure@microsoft.com
CVSS score: 8.3

References:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36741 | source: secure@microsoft.com


(3) MEDIUM vulnerability(ies) [4.0, 6.9]

Source: vuldb.com

Vulnerability ID: CVE-2023-4545

First published on: 26-08-2023 07:15:10
Last modified on: 26-08-2023 07:15:10

Description:
A vulnerability was found in IBOS OA 4.5.5. It has been classified as critical. Affected is an unknown function of the file ?r=recruit/bgchecks/export&checkids=x. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238056. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-4545
Source: cna@vuldb.com
CVSS score: 6.3

References:
https://github.com/siyu15/cve/blob/main/sql.md | source: cna@vuldb.com
https://vuldb.com/?ctiid.238056 | source: cna@vuldb.com
https://vuldb.com/?id.238056 | source: cna@vuldb.com

Vulnerability: CWE-89


Vulnerability ID: CVE-2023-4548

First published on: 26-08-2023 10:15:11
Last modified on: 26-08-2023 10:15:11

Description:
A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3. This affects an unknown part of the file /search of the component GET Parameter Handler. The manipulation of the argument filter[brandid] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-238059.

CVE ID: CVE-2023-4548
Source: cna@vuldb.com
CVSS score: 6.3

References:
https://vuldb.com/?ctiid.238059 | source: cna@vuldb.com
https://vuldb.com/?id.238059 | source: cna@vuldb.com

Vulnerability: CWE-89


Vulnerability ID: CVE-2023-4544

First published on: 26-08-2023 05:15:49
Last modified on: 26-08-2023 05:15:49

Description:
A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230809. It has been rated as problematic. This issue affects some unknown processing of the file /config/php.ini. The manipulation leads to direct request. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID: CVE-2023-4544
Source: cna@vuldb.com
CVSS score: 4.3

References:
https://github.com/jo1995hn/cve/blob/main/s856.md | source: cna@vuldb.com
https://vuldb.com/?ctiid.238049 | source: cna@vuldb.com
https://vuldb.com/?id.238049 | source: cna@vuldb.com

Vulnerability: CWE-425


(2) LOW vulnerability(ies) [0.1, 3.9]

Source: vuldb.com

Vulnerability ID: CVE-2023-4546

First published on: 26-08-2023 08:15:08
Last modified on: 26-08-2023 08:15:08

Description:
A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230816. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation leads to improper access controls. The exploit has been disclosed to the public and may be used. The identifier VDB-238057 was assigned to this vulnerability.

CVE ID: CVE-2023-4546
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://github.com/hutianshuai/CVE/blob/main/information_disclosure.md | source: cna@vuldb.com
https://vuldb.com/?ctiid.238057 | source: cna@vuldb.com
https://vuldb.com/?id.238057 | source: cna@vuldb.com

Vulnerability: CWE-284


Vulnerability ID: CVE-2023-4547

First published on: 26-08-2023 09:15:09
Last modified on: 26-08-2023 09:15:09

Description:
A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may be launched remotely. VDB-238058 is the identifier assigned to this vulnerability.

CVE ID: CVE-2023-4547
Source: cna@vuldb.com
CVSS score: 3.5

References:
https://vuldb.com/?ctiid.238058 | source: cna@vuldb.com
https://vuldb.com/?id.238058 | source: cna@vuldb.com

Vulnerability: CWE-79


(0) NO SCORE vulnerability(ies) [0.0, 0.0]

This website uses the NVD API, but is not endorsed or certified by the NVD.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
