Joe Helle

#8269of 53,632
33.2Total CVSS
Vulnerabilities · 4
Medium
1
High
1
Critical
2
PT-2022-22864
7.5
2022-08-08
Zammad · Zammad · CVE-2022-35488
**Name of the Vulnerable Software and Affected Versions** Zammad version 5.2.0 **Description** The issue allows an attacker to manipulate the rate limiting in the 'forgot password' feature, enabling them to send numerous requests for a known account. This can cause Denial Of Service due to the generation of many emails, which also results in spamming the victim. **Recommendations** For Zammad version 5.2.0, consider temporarily disabling the 'forgot password' feature until a patch is available to prevent exploitation. Restrict access to this feature to minimize the risk of Denial Of Service and spamming attacks.
PT-2022-22867
9.8
2022-08-08
Zammad · Zammad · CVE-2022-35490
**Name of the Vulnerable Software and Affected Versions** Zammad version 5.2.0 **Description** The issue allows for privilege escalation. Zammad has a mechanism to prevent brute-force attacks by invalidating users after a configurable number of attempts to guess login credentials. However, an attacker can bypass this mechanism, enabling them to send more requests than the configured amount before the user is invalidated. **Recommendations** For Zammad version 5.2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2021-21880
9.8
2021-08-03
Sqlite · Sqlite · CVE-2021-37832
Name of the Vulnerable Software and Affected Versions: Hotel Druid version 3.0.2 Description: A SQL injection issue exists when SQLite is used as the application database, allowing a malicious attacker to issue SQL commands through the vulnerable `idappartamenti` parameter. Recommendations: For version 3.0.2, consider restricting access to the `idappartamenti` parameter to minimize the risk of exploitation until a patch is available.
PT-2021-21881
6.1
2021-08-03
Unknown · Hoteldruid · CVE-2021-37833
Name of the Vulnerable Software and Affected Versions: Hotel Druid version 3.0.2 Description: A reflected cross-site scripting (XSS) vulnerability exists in multiple pages of the Hotel Druid application, allowing for arbitrary execution of JavaScript commands. Recommendations: For version 3.0.2, consider disabling access to the vulnerable pages until a patch is available. Restrict the execution of JavaScript commands to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.