CVE-2022-44549

HIGH Year: 2022
CVSS v3 Score
7.5
High
Weakness Type
CWE-862
View all →

Vulnerability Description

The LBS module has a vulnerability in geofencing API access. Successful exploitation of this vulnerability may cause third-party apps to access the geofencing APIs without authorization, affecting user confidentiality.

Related Vulnerabilities

CVE-2015-20067

HIGH
CVSS:7.5(High)

The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on ...

CWE-8622015

CVE-2017-1002006

HIGH
CVSS:7.5(High)

Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table.

CWE-8622017

CVE-2017-1002007

HIGH
CVSS:7.5(High)

Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_mail.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table.

CWE-8622017

CVE-2017-10846

HIGH
CVSS:7.5(High)

Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors.

CWE-8622017

CVE-2017-11135

HIGH
CVSS:7.5(High)

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The logout mechanism does not check for authorization. Therefore,...

CWE-8622017

CVE-2017-18666

HIGH
CVSS:7.5(High)

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Applications can send arbitrary premium SMS messages. The Samsung ID is SVE-2017-8701 (June 201...

CWE-8622017