Vulnerability Summary for the Week of July 31, 2023

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
yunyecms — yunyecms SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to run arbitrary SQL commands via XFF. 2023-07-31 9.8 CVE-2020-21662
MISC
raspap — raspap A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php. 2023-08-01 9.8 CVE-2022-39986
MISC
MISC
This article has been indexed from Bulletins

Read the original article: