Vulnerability Summary for the Week of July 10, 2023

 

High Vulnerabilities

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from Bulletins

| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| elra — parkmatik | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Elra Parkmatik allows SQL Injection through SOAP Parameter Tampering, Command Line Execution through SQL Injection. This issue affects Parkmatik: before 02.01-a51. | 2023-07-13 | 10 | CVE-2023-1547 MISC |
| wordpress — wordpress | The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the ‘ur_upload_profile_pic’ function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with subscriber-level capabilities or above to upload arbitrary files on the affected site’s server which may make remote code execution possible. This was partially patched in version 3.0.2 and fully patched in version 3.0.2.1. | 2023-07-13 | 9.9 | |