Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-31943 | PUBLISHED: 2022-07-01 | MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability.
CVE-2022-32093 | PUBLISHED: 2022-07-01 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php.
CVE-2022-32094 | PUBLISHED: 2022-07-01 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php.
CVE-2022-32095 | PUBLISHED: 2022-07-01 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php.
CVE-2022-32384 | PUBLISHED: 2022-07-01 | Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the security_5g parameter in the function formWifiBasicSet.
User Rank: Ninja
6/30/2019 | 3:19:05 PM
Hmm, there are a few questions that cause me to pause:
Sounds to me like the application, network, web, DB and credit card groups failed to understand the concept of network segmentation. Where was the Enterprise Architect in this endeavor and what happened to the planning stages associated with DR (doesn't GDPR get involved with this issue and shouldn't they be penalized for this atrocity)?
Todd