From a0e542ce5882dfcbd1a00966058fc2ad8b25061b Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Mon, 20 Feb 2023 10:04:30 +0000 Subject: [PATCH] Auto Generated cves.json [Mon Feb 20 10:04:30 UTC 2023] :robot: --- cves.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves.json b/cves.json index cbf9ff62b4..60b791a195 100644 --- a/cves.json +++ b/cves.json @@ -1583,7 +1583,7 @@ {"ID":"CVE-2022-47966","Info":{"Name":"ManageEngine - Remote Command Execution","Severity":"critical","Description":"Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-47966.yaml"} {"ID":"CVE-2022-47986","Info":{"Name":"Pre-Auth RCE in Aspera Faspex","Severity":"critical","Description":"IBM Aspera Faspex could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-47986.yaml"} {"ID":"CVE-2023-0669","Info":{"Name":"GoAnywhere MFT - Remote Code Execution (ZeroDay)","Severity":"high","Description":"Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2023/CVE-2023-0669.yaml"} -{"ID":"CVE-2023-23488","Info":{"Name":"Paid Memberships Pro \u003c 2.9.8 - Unauthenticated Blind SQLi","Severity":"critical","Description":"The Paid Memberships Pro WordPress Plugin, version \u003c 2.9.8, is affected\nby an unauthenticated SQL injection vulnerability in the 'code' parameter\nof the '/pmpro/v1/order' REST route.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2023/CVE-2023-23488.yaml"} +{"ID":"CVE-2023-23488","Info":{"Name":"Paid Memberships Pro \u003c 2.9.8 - Unauthenticated Blind SQLi","Severity":"critical","Description":"The Paid Memberships Pro WordPress Plugin, version \u003c 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2023/CVE-2023-23488.yaml"} {"ID":"CVE-2023-23489","Info":{"Name":"Easy Digital Downloads 3.1.0.2 \u0026 3.1.0.3 - Unauthenticated SQLi","Severity":"critical","Description":"The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 \u0026 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2023/CVE-2023-23489.yaml"} {"ID":"CVE-2023-23752","Info":{"Name":"Joomla Improper AccessCheck in WebService Endpoint","Severity":"high","Description":"An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2023/CVE-2023-23752.yaml"} {"ID":"CVE-2023-24044","Info":{"Name":"Plesk Obsidian - Host Header Injection","Severity":"medium","Description":"A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2023/CVE-2023-24044.yaml"}