NVD disclosure day

Published threat advisories for February 1, 2023

CVE advisoryCRITICAL

CVE-2022-47003

Mura CMS Authentication Bypass Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in Mura CMS's "Remember Me" function allows attackers to bypass authentication using a crafted web request, potentially granting unauthorized access to systems. This flaw, affecting content management software, highlights a risk to data and system integrity. Confirmation of usage and exposure is necessa

CVE advisoryCRITICAL

CVE-2022-47770

Serenissima Informatica Fast Checkin Unauthenticated SQL Injection

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

Serenissima Informatica Fast Checkin, a hotel check-in application, has a critical unauthenticated SQL injection vulnerability. This flaw could allow unauthorized access to, modification of, or deletion of sensitive data without requiring any credentials. It is important to determine if this software is in use and asse

CVE advisoryCRITICAL

CVE-2022-47769

Fast Checkin Arbitrary File Upload Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin could allow unauthenticated attackers to upload malicious files to the web root, potentially enabling server access via a web shell. This could impact application availability and integrity.