Exploits 04/22/2022

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation

Official Fix: 0
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 53

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Remediation comes in multiple forms and levels, each of which influences risk differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 53
Unproven: 0
Not Defined: 0

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang

The automated exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of the programming languages used for creating such exploits.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 0
≤4: 2
≤5: 0
≤6: 1
≤7: 50
≤8: 0
≤9: 0
≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 0
≤4: 2
≤5: 1
≤6: 50
≤7: 0
≤8: 0
≤9: 0
≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temporal scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation levels. We also provide our unique meta score for temporal scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 2
<2k: 49
<5k: 2
<10k: 0
<25k: 0
<50k: 0
<100k: 0
≥100k: 0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 53
<2k: 0
<5k: 0
<10k: 0
<25k: 0
<50k: 0
<100k: 0
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits, and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0-day | Today | Vulnerability | Exploitability | CTI | CVE |
|---|---|---|---|---|---|---|
| 04/22/2022 | $0-$5k | $0-$5k | Victor CMS Privilege Escalation | Proof-of-Concept | 0.39 | CVE-2022-27478 |
| 04/22/2022 | $0-$5k | $0-$5k | KiteCMS Background Management Module information disclosure | Proof-of-Concept | 0.32 | CVE-2022-28445 |
| 04/22/2022 | $0-$5k | $0-$5k | UCMS information disclosure | Proof-of-Concept | 0.25 | CVE-2022-28444 |
| 04/22/2022 | $0-$5k | $0-$5k | Simple Real Estate Portal System sql injection | Proof-of-Concept | 0.25 | CVE-2022-28411 |
| 04/22/2022 | $0-$5k | $0-$5k | Sourcecodester Purchase Order Management System Privilege Escalation | Proof-of-Concept | 0.14 | CVE-2022-28021 |
| 04/22/2022 | $0-$5k | $0-$5k | UCMS PHP File unrestricted upload | Proof-of-Concept | 0.21 | CVE-2022-28440 |
| 04/22/2022 | $0-$5k | $0-$5k | Master Home Owners Collection Management System sql injection | Proof-of-Concept | 0.18 | CVE-2022-28417 |
| 04/22/2022 | $0-$5k | $0-$5k | Master Home Owners Collection Management System sql injection | Proof-of-Concept | 0.14 | CVE-2022-28416 |
| 04/22/2022 | $0-$5k | $0-$5k | Master Home Owners Collection Management System sql injection | Proof-of-Concept | 0.23 | CVE-2022-28415 |
| 04/22/2022 | $0-$5k | $0-$5k | Master Home Owners Collection Management System sql injection | Proof-of-Concept | 0.18 | CVE-2022-28414 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Baby Care System uesrs.php&&action=delete&userid=4 sql injection | Proof-of-Concept | 0.35 | CVE-2022-28439 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Baby Care System uesrs.php&action=type&userrole=User sql injection | Proof-of-Concept | 0.31 | CVE-2022-28438 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Baby Care System uesrs.php&action=type&userrole=Admin&userid=3 sql injection | Proof-of-Concept | 0.43 | CVE-2022-28437 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Baby Care System uesrs.php&action=display&value=Hide sql injection | Proof-of-Concept | 0.33 | CVE-2022-28436 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Baby Care System sql injection | Proof-of-Concept | 0.43 | CVE-2022-28435 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Baby Care System uesrs.php&action=display&value=Show sql injection | Proof-of-Concept | 0.43 | CVE-2022-28433 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Baby Care System sql injection | Proof-of-Concept | 0.69 | CVE-2022-28432 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Baby Care System siteoptions.php&social=remove&sid=2 sql injection | Proof-of-Concept | 0.62 | CVE-2022-28431 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Baby Care System inbox.php&action=delete sql injection | Proof-of-Concept | 0.66 | CVE-2022-28429 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Baby Care System inbox.php&action=read sql injection | Proof-of-Concept | 0.74 | CVE-2022-28427 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Baby Care System pagerole.php&action=edit sql injection | Proof-of-Concept | 0.66 | CVE-2022-28426 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Baby Care System pagerole.php&action=display&value=1 sql injection | Proof-of-Concept | 0.70 | CVE-2022-28425 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Baby Care System posts.php sql injection | Proof-of-Concept | 0.78 | CVE-2022-28424 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Baby Care System posts.php&action=delete sql injection | Proof-of-Concept | 0.81 | CVE-2022-28423 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Baby Care System posts.php&action=edit sql injection | Proof-of-Concept | 0.88 | CVE-2022-28422 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Baby Care System sql injection | Proof-of-Concept | 0.22 | CVE-2022-28421 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Baby Care System sql injection | Proof-of-Concept | 0.50 | CVE-2022-28420 |
| 04/22/2022 | $0-$5k | $0-$5k | Car Driving School Management System sql injection | Proof-of-Concept | 0.63 | CVE-2022-28413 |
| 04/22/2022 | $0-$5k | $0-$5k | NetWave System sql injection | Proof-of-Concept | 0.76 | CVE-2022-28412 |
| 04/22/2022 | $0-$5k | $0-$5k | Simple Real Estate Portal System sql injection | Proof-of-Concept | 0.86 | CVE-2022-28410 |
| 04/22/2022 | $0-$5k | $0-$5k | Master Simple Real Estate Portal System sql injection | Proof-of-Concept | 0.68 | CVE-2022-28030 |
| 04/22/2022 | $0-$5k | $0-$5k | Simple Real Estate Portal System sql injection | Proof-of-Concept | 0.26 | CVE-2022-28029 |
| 04/22/2022 | $0-$5k | $0-$5k | Simple Real Estate Portal System sql injection | Proof-of-Concept | 0.69 | CVE-2022-28028 |
| 04/22/2022 | $0-$5k | $0-$5k | Amp Student Grading System sql injection | Proof-of-Concept | 0.53 | CVE-2022-28026 |
| 04/22/2022 | $0-$5k | $0-$5k | Student Grading System sql injection | Proof-of-Concept | 0.53 | CVE-2022-28025 |
| 04/22/2022 | $0-$5k | $0-$5k | Student Grading System sql injection | Proof-of-Concept | 0.05 | CVE-2022-28024 |
| 04/22/2022 | $0-$5k | $0-$5k | Sourcecodester Purchase Order Management System sql injection | Proof-of-Concept | 0.04 | CVE-2022-28023 |
| 04/22/2022 | $0-$5k | $0-$5k | Sourcecodester Purchase Order Management System sql injection | Proof-of-Concept | 0.70 | CVE-2022-28022 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Attendance and Payroll System position_edit.php sql injection | Proof-of-Concept | 0.65 | CVE-2022-28020 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Attendance and Payroll System employee_edit.php sql injection | Proof-of-Concept | 0.72 | CVE-2022-28019 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Attendance and Payroll System schedule_edit.php sql injection | Proof-of-Concept | 0.76 | CVE-2022-28018 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Attendance and Payroll System overtime_edit.php sql injection | Proof-of-Concept | 0.61 | CVE-2022-28017 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Attendance and Payroll System deduction_edit.php sql injection | Proof-of-Concept | 0.00 | CVE-2022-28016 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Attendance and Payroll System cashadvance_edit.php sql injection | Proof-of-Concept | 0.57 | CVE-2022-28015 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Attendance and Payroll System attendance_edit.php sql injection | Proof-of-Concept | 0.46 | CVE-2022-28014 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Attendance and Payroll System schedule_employee_edit.php sql injection | Proof-of-Concept | 0.05 | CVE-2022-28013 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Attendance and Payroll System position_delete.php sql injection | Proof-of-Concept | 0.51 | CVE-2022-28012 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Attendance and Payroll System schedule_delete.php sql injection | Proof-of-Concept | 0.38 | CVE-2022-28011 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Attendance and Payroll System overtime_delete.php sql injection | Proof-of-Concept | 0.41 | CVE-2022-28010 |
| 04/22/2022 | $0-$5k | $0-$5k | SourceCodester Attendance and Payroll System attendance_delete.php sql injection | Proof-of-Concept | 0.49 | CVE-2022-28009 |

3 more entries are not shown
