NVD disclosure day

Published threat advisories for June 2, 2022

CVE advisoryCRITICAL

CVE-2021-42875

TOTOLINK EX1200T Firmware Command Injection

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

TOTOLINK EX1200T firmware has a remote command injection vulnerability, allowing attackers to execute arbitrary commands. This could lead to compromised device configuration and network traffic manipulation. It is important to confirm if this technology is in use and assess its exposure to understand potential risks.

CVE advisoryCRITICAL

CVE-2022-29704

SQL Injection in BrowsBox CMS v4.0

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A SQL injection vulnerability exists in BrowsBox CMS, allowing unauthenticated attackers to execute arbitrary SQL commands. This could lead to unauthorized access, modification, or deletion of sensitive data. Confirmation of its presence and exposure within an organization is crucial.

CVE advisoryCRITICAL

CVE-2022-30490

Badminton Center Management System SQL Injection Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A SQL injection vulnerability exists in a badminton center management system via the 'id' parameter in a specific PHP file, potentially allowing unauthenticated attackers to manipulate the system's database. This could lead to unauthorized access or data corruption if the system is in use and reachable.

CVE advisoryCRITICAL

CVE-2022-28945

Webbank WeCube Directory Traversal Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A directory traversal vulnerability in Webbank WeCube software allows unauthenticated attackers to access and modify files by uploading a crafted ZIP file. This could lead to unauthorized data access or potential remote code execution if further exploitation is possible.

CVE advisoryCRITICAL

CVE-2022-24240

ACEweb Online Portal SQL Injection Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A SQL injection vulnerability in ACEweb Online Portal could allow attackers to manipulate database queries, potentially leading to unauthorized data access or modification. This issue is reachable via the network and warrants attention if the affected technology is in use.

CVE advisoryCRITICAL

CVE-2022-24239

ACEweb Online Portal Unrestricted File Upload Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An unrestricted file upload vulnerability exists in an online portal, allowing unauthorized file uploads that could lead to system compromise or data corruption. This issue affects externally facing web applications, making them a potential target for attackers. Readers should care because the vulnerability could impac

CVE advisoryCRITICAL

CVE-2021-42872

TOTOLINK EX1200T Command Injection Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A command injection vulnerability affects TOTOLINK EX1200T devices, enabling remote arbitrary code execution. This could compromise network device functionality if reachable over the network. Readers should confirm device relevance and exposure to assess potential risks.