Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-42654 | PUBLISHED: 2022-05-24 | SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code.
CVE-2021-42655 | PUBLISHED: 2022-05-24 | SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability.
CVE-2021-42656 | PUBLISHED: 2022-05-24 | SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability.
CVE-2022-1848 | PUBLISHED: 2022-05-24 | Business Logic Errors in GitHub repository erudika/para prior to 1.45.11.
CVE-2022-30454 | PUBLISHED: 2022-05-24 | Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product.
User Rank: Ninja
2/25/2016 | 12:55:32 AM
Such regulation could have huge ramifications. The problem, however, is that it would be difficult to enforce without the guidance in crafting the regulations by top InfoSec and data-protection experts.
And, unfortunately, few InfoSec people are also lawyers -- and lawyers are usually the ones drafting these things.