CyberSecurityBoard
Sponsor Register Login

CVE-2022-1657

Vulnerable versions of the Jupiter (< 6.10.1) and JupiterX (< 2.0.6) Themes allow logged-in users, including subscriber-level users, to perform Path Traversal and Local File inclusion. In the JupiterX theme, the jupiterx_cp_load_pane_action AJAX action present in the lib/admin/control-panel/control-panel.php file calls the load_control_panel_pane function. It is possible to use this action to include any local PHP file via the slug parameter. The Jupiter theme has a nearly identical vulnerability which can be exploited via the mka_cp_load_pane_action AJAX action present in the framework/admin/control-panel/logic/functions.php file, which calls the mka_cp_load_pane_action function.

Publication date: Mon, 13 Jun 2022 19:15:00 +0000


Cyber News related to CVE-2022-1657

CVE-2022-48919 - In the Linux kernel, the following vulnerability has been resolved: ...
5 months ago
CVE-2022-1657 - Vulnerable versions of the Jupiter (< 6.10.1) and JupiterX (< 2.0.6) Themes allow logged-in users, including subscriber-level users, to perform Path Traversal and Local File inclusion. In the JupiterX theme, the jupiterx_cp_load_pane_action ...
2 years ago Slug
CVE-2005-1657 - Multiple directory traversal vulnerabilities in Mercur Messaging 2005 SP2 allow remote attackers to perform unauthorized file operations via the Folder.Id parameter to (1) deletefolder.ctml, (2) deletemessage.ctml, (3) origmessage.ctml, or (4) ...
16 years ago
CVE-2002-1657 - PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack. ...
7 years ago
CVE-2004-1657 - Cross-site scripting (XSS) vulnerability in the Activity and Events Viewer for Newtelligence DasBlog allows remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Referrer HTTP headers. ...
7 years ago
CVE-2009-1657 - Multiple SQL injection vulnerabilities in the Starrating plugin before 0.7.7 for b2evolution allow remote attackers to execute arbitrary SQL commands via unspecified vectors. ...
7 years ago
CVE-2010-1657 - Directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. ...
7 years ago
CVE-2012-1657 - Cross-site scripting (XSS) vulnerability in block_class.module in the Block Class module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the class name. ...
7 years ago
CVE-2011-1657 - The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service (application crash) via certain flags arguments, as demonstrated by (a) ...
6 years ago
CVE-2008-1657 - OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file. ...
6 years ago
CVE-2015-1657 - Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." ...
6 years ago
CVE-2007-1657 - Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument. ...
6 years ago
CVE-2006-1657 - Cross-site scripting (XSS) vulnerability in index.php in Chucky A. Ivey N.T. 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not filtered when the administrator views the "Login Log" ...
6 years ago
CVE-2016-1657 - The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar ...
6 years ago
CVE-2018-1657 - IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials ...
5 years ago
CVE-2019-1657 - A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to unsafe creation of API keys. An attacker could exploit this vulnerability by using insecure ...
4 years ago
CVE-2020-1657 - On SRX Series devices, a vulnerability in the key-management-daemon (kmd) daemon of Juniper Networks Junos OS allows an attacker to spoof packets targeted to IPSec peers before a security association (SA) is established thereby causing a failure to ...
4 years ago
CVE-2021-1657 - Windows Fax Compose Form Remote Code Execution Vulnerability ...
4 years ago
CVE-2014-1657 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none ...
55 years ago Tenable.com
CVE-2024-1657 - A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data ...
1 year ago
CVE-2025-1657 - The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stm_listing_ajax AJAX action in all versions up to, and ...
2 months ago
CVE-2023-52443 - In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed profile in unpack_profile() described like "profile :ns::samba-dcerpcd ...
1 year ago Tenable.com
CVE-2024-35814 - In the Linux kernel, the following vulnerability has been resolved: swiotlb: Fix double-allocation of slots due to broken alignment handling Commit bbb73a103fbb ("swiotlb: fix a braino in the alignment check fix"), which was a fix for commit ...
1 year ago Tenable.com
31 Alarming Identity Theft Statistics for 2024 - Identity theft is a prevalent issue that affects millions of people annually. Although the numbers are startling, we've selected the 31 most concerning identity theft statistics to help you understand how to secure your identity. In 2022, the FTC ...
1 year ago Pandasecurity.com
SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022 - MSSPs took the lead in cybersecurity M&A in 2022 with twice as many deals as in 2021. An analysis conducted by SecurityWeek shows that more than 450 cybersecurity-related mergers and acquisitions were announced in 2022. In 2022, we tracked a total of ...
2 years ago Securityweek.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)