Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-1172PUBLISHED: 2023-03-17
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that w...
CVE-2023-1469PUBLISHED: 2023-03-17
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenti...
CVE-2023-1466PUBLISHED: 2023-03-17
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(...
CVE-2023-1467PUBLISHED: 2023-03-17
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt le...
CVE-2023-1468PUBLISHED: 2023-03-17
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipula...
User Rank: Ninja
6/9/2017 | 1:14:57 PM
A project requirement I see missing from many a project plan is exactly the things you are referring to, including milestones for data integrity checks before, during and after projects, whether they are one-off requests for an overnight tweak or a year-long project. Luckily for my team we work hand-in-hand with teams like Security and Compliance. We treat all requests the same, we care for the data in the same manner regardless the project. But the requirements should still be documented as many projects may overlook such "minutia".
Time to Market should not compromise integrity and all considerations related to Security and Compliance should be built into the day-to-day operations of every team member who has charge over sensitive data. And, the requirements for such data management written into project plans, no matter how small large, and the operational mind-set of every user with access well trained to avoid breaches of this type.