This archive contains all 195 exploits added to Packet Storm in April 2023.
ebankIT versions prior to 7 suffer from a denial of service vulnerability.
ebankIT versions prior to 7 suffer from a cross site scripting vulnerability.
Aigital Wireless-N Repeater version Mini_Router.0.131229 suffers from a remote command execution vulnerability.
CreativeItem Academy Learning Management System version 5.14 suffers from a cross site scripting vulnerability.
Piwigo version 13.5.0 suffers from a remote SQL injection vulnerability.
Aigital Wireless-N Repeater version Mini_Router.0.131229 suffers from a persistent cross site scripting vulnerability.
MilleGPG5 version 5.9.2 suffers from a local privilege escalation vulnerability due to incorrect access controls.
ChurchCRM versions 4.5.3 and below suffer from a remote SQL injection vulnerability.
qdPM version 9.1 suffers from a cross site scripting vulnerability. Original discovery of cross site scripting in this version is attributed to Mehmet Emiroglu in 2019.
PHP Restaurants version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass and a cross site scripting vulnerability. Original discovery of SQL injection in this version is attributed to Nefrit ID in February of 2022.
Mars Stealer version 8.3 suffers from an account takeover vulnerability.
Online Book Store version 1.0 suffers from a remote SQL injection vulnerability. This is a variant of the original vulnerability discovered in August of 2020 by Moaaz Taha.
PaperCut NG/MG version 22.0.4 suffers from an authentication bypass vulnerability.
Sophos Web Appliance version 4.3.10.4 suffers from a pre-authentication command injection vulnerability.
Old Age Home Management System version 1.0 suffers from persistent cross site scripting and missing authentication vulnerabilities.
OCS Inventory NG version 2.3.0.0 suffers from an unquoted service path vulnerability.
Wondershare Filmora version 12.2.9.2233 suffers from an unquoted service path vulnerability.
Arcsoft PhotoStudio version 6.0.0.172 suffers from an unquoted service path vulnerability.
WordPress Shield Security Smart Bot Blocking and Intrusion Prevention plugin versions 17.0.17 and below suffer from cross site scripting and missing authorization vulnerabilities.
PaperCut MF/NG proof of concept exploit that uses an authentication bypass vulnerability chained with abuse of built-in scripting functionality to execute code.
This is an extension of research on the original findings of CVE-2020-15858 in Telit Cinterion IoT devices. Numerous issues have been discovered including path traversal, Java privilege elevation, AT commands whitelist / blacklist bypass, a heap overflow in fragmented SMS, and more.
Multi-Vendor Online Groceries Management System version 1.0 suffers from a remote code execution vulnerability.
Chitor CMS version 1.1.2 suffers from a remote SQL injection vulnerability. Original discovery of this finding is attributed to msd0pe in April of 2023.
Nokia OneNDS 20.9 has loose sudo permissions that can allow users to escalate privileges.