Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-42654 | PUBLISHED: 2022-05-24 | SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code.
CVE-2021-42655 | PUBLISHED: 2022-05-24 | SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability.
CVE-2021-42656 | PUBLISHED: 2022-05-24 | SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability.
CVE-2022-1848 | PUBLISHED: 2022-05-24 | Business Logic Errors in GitHub repository erudika/para prior to 1.45.11.
CVE-2022-30454 | PUBLISHED: 2022-05-24 | Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product.
User Rank: Ninja
4/11/2018 | 12:48:40 PM
As to why Information System architects aren't ready, willing or best suited to take point in protecting data assets: the metrics for job performance are skewed toward finding new, better and faster ways to exploit an organization's data. What stakeholders have failed to realize is that their people aren't the only ones good at doing that! The scattered debris field left by all the (well-rewarded) shortcuts, design-as-you-go, secure-it-later, data-ecology strip-mining and hope-it-holds patching is a godsend to those who realize what can be made from the bits and pieces.