
CVE-2015-10031 – purpleparrots 491-Project Highscore update.php SQL injection
https://notcve.org/view.php?id=CVE-2015-10031
08 Jan 2023 — A vulnerability classified as critical was found in purpleparrots 491-Project. This vulnerability affects unknown code of the file update.php of the component Highscore Handler. The manipulation leads to SQL injection. The name of the patch is a812a5e4cf72f2a635a716086fe1ee2b8fa0b1ab. It is recommended to apply a patch to fix this issue. • https://github.com/purpleparrots/491-Project/commit/a812a5e4cf72f2a635a716086fe1ee2b8fa0b1ab • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2017-18365
https://notcve.org/view.php?id=CVE-2017-18365
28 Mar 2019 — The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a crafted cookie signed with this secret, one can call Marshal.load with arbitrary data, which is a problem because the Marshal data format allows Ruby objects. • https://enterprise.github.com/releases/2.8.7/notes • CWE-502: Deserialization of Untrusted Data