CVE-2022-1594
Published 2022-06-13
Priority P4 · 16 · medium · 4.3 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:U / C:N / I:L / A:N
EPSS: 0.41% (32.9th percentile)
The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, allowing them to change the login URL.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hc_custom_wp-admin_url_project | hc_custom_wp-admin_url | <= 1.4 | — |
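CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |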
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Buffer overflow vulnerability in ADMesh library
blogs_talos·2023-04-03·CVSS 6.5
CVE-2022-38072 [MEDIUM] Vulnerability Spotlight: Buffer overflow vulnerability in ADMesh library
Francesco Benvenuto of Cisco Talos discovered this vulnerability.
Cisco Talos recently discovered an improper array index validation vulnerability in a functionality of the ADMesh library.
ADMesh is a C library used to process 3-D triangular meshes.
Talos found an improper array index validation vulnerability in TALOS-2022-1594 (CVE-2022-38072). A specially crafted STL file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Cisco Talos worked with ADMesh to ensure that this issue was resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.
Users are encouraged to update these affected products as soon as possible: ADMesh Master Commit 767a105, Slic3r libslic3r Maste