NVD disclosure day

Published threat advisories for June 16, 2022

CVE advisoryCRITICAL

CVE-2022-24562

IOTransfer Arbitrary File Read Write Vulnerability.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

An unauthenticated attacker can exploit a vulnerability in IOBit IOTransfer to gain arbitrary read and write access to the entire file system on a victim's endpoint. This could potentially lead to data theft and remote code execution, impacting data confidentiality and integrity if the vulnerable service is reachable.

CVE advisoryCRITICAL

CVE-2022-31384

Directory Management System SQL Injection

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical SQL injection vulnerability exists in Directory Management System v1.0 via the `fullname` parameter in `add-directory.php`. This could allow an unauthenticated attacker to access or modify sensitive directory information if the system is reachable over a network. Confirmation of its use within the environmen

CVE advisoryCRITICAL

CVE-2022-31383

Directory Management System SQL Injection Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A SQL injection vulnerability exists in Directory Management System, a web-based application. If reachable, an attacker could exploit this by sending a crafted request to the `view-directory.php` script. This could potentially lead to unauthorized access or modification of the application's data, so determining if this

CVE advisoryCRITICAL

CVE-2022-31382

Directory Management System SQL Injection

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A SQL injection vulnerability exists in a directory management system. This flaw, if reachable, could allow an attacker to access, modify, or delete sensitive data without authentication. The reader should care because it could compromise the integrity and confidentiality of stored information.