Vulnerabilities > Inclusion of Functionality from Untrusted Control Sphere

DATE CVE VULNERABILITY TITLE RISK
2023-07-03 CVE-2023-36609 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Ovarro products
The affected TBox RTUs run OpenVPN with root privileges and can run user-defined configuration scripts.
Risk: 7.2 | network | low complexity | ovarro | CWE-829

2023-06-09 CVE-2023-2249 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Gvectors Wpforo Forum
The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7.
Risk: 8.8 | network | low complexity | gvectors | CWE-829

2023-05-05 CVE-2023-2551 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Bumsys Project Bumsys
PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1.
Risk: 8.8 | network | low complexity | bumsys-project | CWE-829

2023-04-20 CVE-2022-46302 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Checkmk 1.6.0/2.0.0
Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL), allowing an attacker to perform remote code execution with root privileges on the underlying host.
Risk: 8.8 | local | low complexity | checkmk | CWE-829

2023-03-23 CVE-2022-30037 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Xunruicms
XunRuiCMS v4.3.3 to v4.5.1 is vulnerable to PHP file write and CMS PHP file inclusion, which allows attackers to execute arbitrary PHP code via the add function in cron.php.
Risk: 7.2 | network | low complexity | xunruicms | CWE-829

2023-03-06 CVE-2022-4134 Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products
A flaw was found in openstack-glance.
Risk: 2.8 | local | low complexity | openstack redhat | CWE-829

2023-02-09 CVE-2023-21440 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Samsung Android 13.0
Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture.
Risk: 5.5 | local | low complexity | samsung | CWE-829

2022-12-26 CVE-2022-24119 Inclusion of Functionality from Untrusted Control Sphere vulnerability in GE products
Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell.
Risk: 9.8 critical | network | low complexity | ge | CWE-829

2022-10-18 CVE-2022-22246 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Juniper Junos
A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos OS may allow a low-privileged authenticated attacker to execute an untrusted PHP file.
Risk: 8.8 | network | low complexity | juniper | CWE-829

2022-09-13 CVE-2022-37191 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Cuppacms 1.0
The component "cuppa/api/index.php" of CuppaCMS v1.0 is vulnerable to LFI.
Risk: 6.5 | network | low complexity | cuppacms | CWE-829