Xunyang1

#6408of 53,630
42.5Total CVSS
Vulnerabilities · 5
Medium
1
High
2
Critical
2
PT-2023-14965
8.8
2023-01-10
72Crm · 72Crm · CVE-2022-46610
**Name of the Vulnerable Software and Affected Versions** 72crm version 9 **Description** The issue is related to an arbitrary file upload vulnerability via the avatar upload function, allowing attackers to execute arbitrary code by uploading a crafted PHP file. **Recommendations** For 72crm version 9, consider disabling the avatar upload function until a patch is available to prevent exploitation of this issue. Restrict access to the vulnerable function to minimize the risk of arbitrary code execution.
PT-2022-23858
8.8
2022-08-24
72Crm · 72Crm · CVE-2022-37178
**Name of the Vulnerable Software and Affected Versions** 72crm version 9.0 **Description** An issue was discovered in 72crm, where there is a SQL Injection vulnerability in the functionality to View the task calendar. **Recommendations** For 72crm version 9.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-23859
9.8
2022-08-24
72Crm · 72Crm · CVE-2022-37181
**Name of the Vulnerable Software and Affected Versions** 72crm version 9.0 **Description** The issue is related to an Arbitrary file upload vulnerability. **Recommendations** For 72crm version 9.0, update to a version that contains a fix for this issue.
PT-2022-19092
9.8
2022-05-03
Empirecms · Empirecms · CVE-2022-28585
**Name of the Vulnerable Software and Affected Versions** EmpireCMS version 7.5 **Description** The issue is a SQL injection vulnerability located in the AdClass.php file. **Recommendations** For EmpireCMS version 7.5, update to a version that fixes the SQL injection vulnerability in AdClass.php.
PT-2022-12438
5.3
2022-03-16
Projectworlds · Projectworlds Hospital Management System · CVE-2021-45852
**Name of the Vulnerable Software and Affected Versions** Projectworlds Hospital Management System version 1.0 **Description** An issue was discovered that allows unauthorized malicious attackers to add patients without restriction. This is achieved via the `add patient.php` endpoint. **Recommendations** For Projectworlds Hospital Management System version 1.0, consider restricting access to the `add patient.php` endpoint until a patch is available. As a temporary workaround, limit the functionality of this endpoint to authorized users only. At the moment, there is no information about a newer version that contains a fix for this vulnerability.