Lavon321

#7793of 53,624
35.2Total CVSS
Vulnerabilities · 4
High
2
Critical
2
PT-2022-10904
9.8
2022-03-20
Dwsurvey · Dwsurvey · CVE-2021-39383
**Name of the Vulnerable Software and Affected Versions** DWSurvey version 3.2.0 **Description** A remote command execution issue was discovered in DWSurvey via the component /sysuser/SysPropertyAction.java. This allows for potential remote command execution. **Recommendations** For DWSurvey version 3.2.0, consider restricting access to the /sysuser/SysPropertyAction.java component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-10905
9.8
2022-03-20
Dwsurvey · Dwsurvey · CVE-2021-39384
**Name of the Vulnerable Software and Affected Versions** DWSurvey version 3.2.0 **Description** The issue is related to an arbitrary file write vulnerability. It affects the component `/utils/ToHtmlServlet.java`. **Recommendations** For DWSurvey version 3.2.0, consider restricting access to the `/utils/ToHtmlServlet.java` component until a patch is available.
PT-2022-8723
7.8
2022-03-20
Shopxo · Shopxo · CVE-2020-26007
**Name of the Vulnerable Software and Affected Versions** ShopXO version 1.9.0 **Description** The issue allows attackers to execute arbitrary code via uploading a crafted PHP file, exploiting an arbitrary file upload vulnerability in the upload payment plugin. **Recommendations** For ShopXO version 1.9.0, consider disabling the upload payment plugin until a patch is available to prevent arbitrary file uploads and subsequent code execution.
PT-2022-8724
7.8
2022-03-20
Shopxo · Shopxo · CVE-2020-26008
**Name of the Vulnerable Software and Affected Versions** ShopXO version 1.9.0 **Description** The issue concerns an arbitrary file upload vulnerability in the PluginsUpload function, located in application/service/PluginsAdminService.php. This vulnerability allows attackers to execute arbitrary code by uploading a crafted PHP file. **Recommendations** For ShopXO version 1.9.0, consider disabling the PluginsUpload function in application/service/PluginsAdminService.php until a patch is available to prevent arbitrary file uploads. Restrict access to the vulnerable function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.