CVE-2022-23055

MEDIUM Year: 2022
CVSS v2 Score
5.5
Medium
Weakness Type
CWE-862
View all →

Vulnerability Description

In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Missing Authorization, in the chat rooms functionality. A low privileged attacker can send a direct message or a group message to any member or group, impersonating themselves as the administrator. The attacker can also read chat messages of groups that they do not belong to, and of other users.

Related Vulnerabilities

CVE-2021-37535

CRITICAL
CVSS:10.0(Critical)

SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.

CWE-8622021

CVE-2022-0543

CRITICAL
CVSS:10.0(Critical)

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

CWE-8622022

CVE-2024-33566

CRITICAL
CVSS:10.0(Critical)

Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4.

CWE-8622024

CVE-2024-52416

CRITICAL
CVSS:10.0(Critical)

Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Upload a Web Shell to a Web Server.This issue affects Debug Tool: from n/a through 2.2.

CWE-8622024

CVE-2024-6071

CRITICAL
CVSS:10.0(Critical)

PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server.

CWE-8622024

CVE-2024-6500

CRITICAL
CVSS:10.0(Critical)

The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'parse_request' function in all...

CWE-8622024