CyberSecurityBoard
Sponsor Register Login

CVE-2022-3972

A vulnerability was found in Pingkon HMS-PHP. It has been rated as critical. This issue affects some unknown processing of the file admin/adminlogin.php. The manipulation of the argument uname/pass leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213551.

Publication date: Sun, 13 Nov 2022 16:15:00 +0000


Cyber News related to CVE-2022-3972

CVE-2022-48919 - In the Linux kernel, the following vulnerability has been resolved: ...
2 months ago
CVE-2022-3972 - A vulnerability was found in Pingkon HMS-PHP. It has been rated as critical. This issue affects some unknown processing of the file admin/adminlogin.php. The manipulation of the argument uname/pass leads to sql injection. The attack may be initiated ...
2 years ago
CVE-2008-3972 - pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner ...
7 years ago
CVE-2020-3972 - VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Successful exploitation of this issue may allow attackers with non-admin privileges on guest macOS ...
3 years ago
CVE-2005-3972 - Cross-site scripting (XSS) vulnerability in extremesearch.php in Extreme Search Corporate Edition 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. ...
14 years ago
CVE-2015-3972 - The web interface on Janitza UMG 508, 509, 511, 604, and 605 devices supports only short PIN values for authentication, which makes it easier for remote attackers to obtain access via a brute-force attack. ...
1 year ago
CVE-2016-3972 - Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter. ...
8 years ago
CVE-2006-3972 - Directory traversal vulnerability in includes/operator_chattranscript.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote attackers to read arbitrary files via a .. (dot dot) in the chatid parameter. ...
7 years ago
CVE-2013-3972 - IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors. ...
7 years ago
CVE-2009-3972 - SQL injection vulnerability in the Q-Proje Siirler Bileseni (com_siirler) component 1.2 RC for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in an sdetay action to index.php. ...
7 years ago
CVE-2014-3972 - Directory traversal vulnerability in Apexis APM-J601-WS cameras with firmware before 17.35.2.49 allows remote attackers to read arbitrary files via unspecified vectors. ...
6 years ago
CVE-2007-3972 - ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a denial of service via a crafted (1) ASPACK or (2) FSG packed file, which triggers a divide-by-zero error. ...
6 years ago
CVE-2019-3972 - Comodo Antivirus versions 12.0.0.6810 and below are vulnerable to Denial of Service affecting CmdAgent.exe via an unprotected section object "<GUID>_CisSharedMemBuff". This section object is exposed by CmdAgent and contains a ...
5 years ago
CVE-2017-3972 - Infrastructure-based foot printing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to execute arbitrary code via the server banner leaking potentially sensitive or security relevant ...
5 years ago
CVE-2011-3972 - The shader translator implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. ...
4 years ago
CVE-2012-3972 - The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain ...
4 years ago
CVE-2010-3972 - Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a ...
4 years ago
CVE-2021-3972 - A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying ...
2 years ago
CVE-2018-3972 - An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700) and other cryptocurrencies. A specially crafted network packet can ...
2 years ago
CVE-2023-3972 - A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered ...
1 year ago
CVE-2024-3972 - The Similarity WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack ...
8 months ago
31 Alarming Identity Theft Statistics for 2024 - Identity theft is a prevalent issue that affects millions of people annually. Although the numbers are startling, we've selected the 31 most concerning identity theft statistics to help you understand how to secure your identity. In 2022, the FTC ...
1 year ago Pandasecurity.com
SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022 - MSSPs took the lead in cybersecurity M&A in 2022 with twice as many deals as in 2021. An analysis conducted by SecurityWeek shows that more than 450 cybersecurity-related mergers and acquisitions were announced in 2022. In 2022, we tracked a total of ...
2 years ago Securityweek.com
CVE-2022-22012 - Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141. ...
2 years ago
CVE-2022-22013 - Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141. ...
2 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)