Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-31856PUBLISHED: 2022-07-05Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php.
CVE-2022-32310PUBLISHED: 2022-07-05An access control issue in Ingredient Stock Management System v1.0 allows attackers to take over user accounts via a crafted POST request to /isms/classes/Users.php.
CVE-2022-32311PUBLISHED: 2022-07-05Ingredient Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /isms/admin/stocks/view_stock.php.
CVE-2022-32413PUBLISHED: 2022-07-05An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file.
CVE-2022-34972PUBLISHED: 2022-07-05So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the att_value_id , manu_value_id , opt_value_id , and subcate_value_id parameters at /index.php?route=extension/module/so_filter_shop_by/filter_data.
User Rank: Apprentice
5/25/2017 | 3:54:15 PM
Patching yes is key, but the most important is still Security awarness. How did this worm get in? It was via unwarry email users opening emails and fillowing links or activating attachments that is the entry point of this vulnerability.
The problem is we in the community tend to close the barn door after the horse has run through the house.
We do not need to depend on more tech solutions (Patching exempt).
Time to start serious end user education and start to close down the weekest link.