Latest vulnerabilities [Sunday, December 10, 2023]


Last update performed on 12/10/2023 at 07:00:02 PM

(0) CRITICAL VULNERABILITIES [9.0, 10.0]

(5) HIGH VULNERABILITIES [7.0, 8.9]

Source : vuldb.com

Vulnerability ID : CVE-2023-6647

First published on : 10-12-2023 07:15:44
Last modified on : 10-12-2023 11:50:56

Description :
A vulnerability, which was classified as critical, has been found in AMTT HiBOS 1.0. Affected by this issue is some unknown functionality. The manipulation of the argument Type leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247340. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-6647
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/gatsby2003/Sqlinjection/blob/main/sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247340 | source : cna@vuldb.com
https://vuldb.com/?id.247340 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6648

First published on : 10-12-2023 09:15:06
Last modified on : 10-12-2023 11:50:56

Description :
A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file password-recovery.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247341 was assigned to this vulnerability.

CVE ID : CVE-2023-6648
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/dhabaleshwar/niv_testing_sqliforgotpassword/blob/main/exploit.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247341 | source : cna@vuldb.com
https://vuldb.com/?id.247341 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6651

First published on : 10-12-2023 11:15:08
Last modified on : 10-12-2023 11:50:56

Description :
A vulnerability was found in code-projects Matrimonial Site 1.0. It has been classified as critical. Affected is an unknown function of the file /auth/auth.php?user=1. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247344.

CVE ID : CVE-2023-6651
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/850362564/BugHub/blob/main/Matrimonial%20Site%20System%20auth.php%20has%20Sqlinjection.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.247344 | source : cna@vuldb.com
https://vuldb.com/?id.247344 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6652

First published on : 10-12-2023 12:15:07
Last modified on : 10-12-2023 12:15:07

Description :
A vulnerability was found in code-projects Matrimonial Site 1.0. It has been declared as critical. Affected by this vulnerability is the function register of the file /register.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247345 was assigned to this vulnerability.

CVE ID : CVE-2023-6652
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/sweatxi/BugHub/blob/main/Matrimonial%20Site%20System%20functions.php%20%20has%20Sqlinjection.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.247345 | source : cna@vuldb.com
https://vuldb.com/?id.247345 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-6655

First published on : 10-12-2023 16:15:07
Last modified on : 10-12-2023 16:15:07

Description :
A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /w_selfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument parentid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247358 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-6655
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/willchen0011/cve/blob/main/HongJing-sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247358 | source : cna@vuldb.com
https://vuldb.com/?id.247358 | source : cna@vuldb.com

Vulnerability : CWE-89


(4) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : vuldb.com

Vulnerability ID : CVE-2023-6654

First published on : 10-12-2023 15:15:07
Last modified on : 10-12-2023 15:15:07

Description :
A vulnerability classified as critical was found in PHPEMS 6.x/7.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247357 was assigned to this vulnerability.

CVE ID : CVE-2023-6654
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://note.zhaoj.in/share/jw4Hp9cq7T69 | source : cna@vuldb.com
https://vuldb.com/?ctiid.247357 | source : cna@vuldb.com
https://vuldb.com/?id.247357 | source : cna@vuldb.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-6649

First published on : 10-12-2023 10:15:07
Last modified on : 10-12-2023 11:50:56

Description :
A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file index.php. The manipulation of the argument searchdata with the input leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-247342 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-6649
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/tsas-reflected-xss.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247342 | source : cna@vuldb.com
https://vuldb.com/?id.247342 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-6650

First published on : 10-12-2023 11:15:07
Last modified on : 10-12-2023 11:50:56

Description :
A vulnerability was found in SourceCodester Simple Invoice Generator System 1.0 and classified as problematic. This issue affects some unknown processing of the file login.php. The manipulation of the argument cashier leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247343.

CVE ID : CVE-2023-6650
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/x1280/CVE/blob/main/Cross-site%20Scriping_cashier.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247343 | source : cna@vuldb.com
https://vuldb.com/?id.247343 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-6653

First published on : 10-12-2023 13:15:07
Last modified on : 10-12-2023 13:15:07

Description :
A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/subject.php of the component Create a new Subject. The manipulation of the argument cid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247346 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-6653
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/csrf_add_sub.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.247346 | source : cna@vuldb.com
https://vuldb.com/?id.247346 | source : cna@vuldb.com

Vulnerability : CWE-352


(0) LOW VULNERABILITIES [0.1, 3.9]

(1) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-50446

First published on : 10-12-2023 17:15:07
Last modified on : 10-12-2023 17:15:07

Description :
An issue was discovered in Mullvad VPN Windows app before 2023.6-beta1. Insufficient permissions on a directory allow any local unprivileged user to escalate privileges to SYSTEM.

CVE ID : CVE-2023-50446
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/mullvad/mullvadvpn-app/pull/5398 | source : cve@mitre.org
https://github.com/mullvad/mullvadvpn-app/releases/tag/2023.6 | source : cve@mitre.org
https://github.com/mullvad/mullvadvpn-app/releases/tag/2023.6-beta1 | source : cve@mitre.org


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
