In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between December 21 and 22, 2023.
During this period, the National Vulnerability Database published 146 new Common Vulnerabilities and Exposures (CVEs), classified as follows:
Critical: 37
High: 18
Medium: 60
Low: 5
Severity Not Assigned: 26
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2023-7025
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function init_kcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-248578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://note.zhaoj.in/share/B05NqMPvEqoU
https://vuldb.com/?ctiid.248578
https://vuldb.com/?id.248578
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
2. CVE-2023-5594
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 4.7
Description: Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted.
References: https://support.eset.com/en/ca8562-eset-customer-advisory-improper-following-of-a-certificates-chain-of-trust-in-eset-security-products-fixed
CWE-ID: CWE-295
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-32242
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Deserialization of Untrusted Data vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme. This issue affects WoodMart - Multipurpose WooCommerce Theme: from n/a through 1.0.36.
References: https://patchstack.com/database/vulnerability/woodmart-core/wordpress-woodmart-core-plugin-1-0-36-php-object-injection?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
4. CVE-2023-49778
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa Sayac. This issue affects Sayfa Sayac: from n/a through 2.6.
References: https://patchstack.com/database/vulnerability/sayfa-sayac/wordpress-sayfa-sayac-plugin-2-6-unauthenticated-php-object-injection-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-49826
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: Deserialization of Untrusted Data vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme. This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1.
References: https://patchstack.com/database/vulnerability/soledad/wordpress-soledad-theme-8-4-1-unauthenticated-php-object-injection-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
6. CVE-2023-48288
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP. This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through 2.1.
References: https://patchstack.com/database/vulnerability/jobwp/wordpress-jobwp-plugin-2-1-sensitive-data-exposure-on-resume-files-vulnerability?_s_id=cve
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
7. CVE-2023-6145
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software allows SQL Injection. This issue affects Softomi Advanced C2C Marketplace Software: before 12122023.
References: https://www.usom.gov.tr/bildirim/tr-23-0724
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
8. CVE-2023-51442
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.7
Description: Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON Web Token (JWT) signed with the key "not so secret". The vulnerability can only be exploited on instances that have never been restarted. Navidrome supports an extension to the subsonic authentication scheme, where a JWT can be provided using a `jwt` query parameter instead of the traditional password or token and salt (corresponding to resp. the `p` or `t` and `s` query parameters). This authentication bypass vulnerability potentially affects all instances that don't protect the subsonic endpoint `/rest/`, which is expected to be most instances in a standard deployment, and most instances in the reverse proxy setup too (as the documentation mentions to leave that endpoint unprotected). This issue has been patched in version 0.50.2.
References: https://github.com/navidrome/navidrome/commit/1132abb0135d1ecaebc41ed97a1e908a4ae02f7c
https://github.com/navidrome/navidrome/security/advisories/GHSA-wq59-4q6r-635r
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
9. CVE-2023-45115
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'ch' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/argerich/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
10. CVE-2023-45116
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'demail' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/argerich/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
11. CVE-2023-45117
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/argerich/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-45118
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/argerich/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-45119
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/argerich/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-40058
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment.
References: https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40058
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-45120
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'qid' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/argerich/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
16. CVE-2023-45121
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/argerich/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
17. CVE-2023-45122
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'name' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/argerich/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-45123
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'right' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/argerich/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
19. CVE-2023-44481
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setearnleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/martin/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
20. CVE-2023-44482
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setsickleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/martin/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
21. CVE-2023-45124
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'tag' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/argerich/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
22. CVE-2023-45125
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'time' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/argerich/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
23. CVE-2023-45126
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'total' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/argerich/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
24. CVE-2023-45127
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'wrong' parameter of the update.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/argerich/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
25. CVE-2023-46791
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic3' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/ros
https://projectworlds.in
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
26. CVE-2023-50732
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.7
Description: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute a Velocity script without script right through the document tree. This has been patched in XWiki 14.10.7 and 15.2RC1.
References: https://github.com/xwiki/xwiki-platform/commit/41d7dca2d30084966ca6a7ee537f39ee8354a7e3
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p5f8-qf24-24cj
https://jira.xwiki.org/browse/XWIKI-20625
CWE-ID: CWE-863
Common Platform Enumerations (CPE): Not Found
27. CVE-2023-6546
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.
References: https://access.redhat.com/security/cve/CVE-2023-6546
https://bugzilla.redhat.com/show_bug.cgi?id=2255498
https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
28. CVE-2023-46647
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0.
References: https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.3
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.0
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.6
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
29. CVE-2023-46648
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. To exploit this vulnerability, an attacker would need knowledge that a user invitation was pending. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.
References: https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7
CWE-ID: CWE-331
Common Platform Enumerations (CPE): Not Found
30. CVE-2023-48685
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'psd' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/barenboim/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
31. CVE-2023-48686
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'user' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/barenboim/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
32. CVE-2023-48687
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'from' parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/barenboim/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
33. CVE-2023-48688
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'to' parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/barenboim/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
34. CVE-2023-48689
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'byname' parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/barenboim/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
35. CVE-2023-48690
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bynum' parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/barenboim/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
36. CVE-2023-48716
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_id' parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/gilels/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
37. CVE-2023-48717
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/gilels/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
38. CVE-2023-48718
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_students.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/gilels/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
39. CVE-2023-48719
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'roll_no' parameter of the add_students.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/gilels/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
40. CVE-2023-48720
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/gilels/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
41. CVE-2023-48722
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/gilels/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
42. CVE-2023-6746
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 1.7
Impact Score: 5.8
Description: An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
References: https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1
https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.19
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7
CWE-ID: CWE-532
Common Platform Enumerations (CPE): Not Found
43. CVE-2023-6802
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
References: https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7
CWE-ID: CWE-532
Common Platform Enumerations (CPE): Not Found
44. CVE-2023-6847
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode. This vulnerability affected all versions of GitHub Enterprise Server since 3.9 and was fixed in version 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program.
References: https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4
https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
45. CVE-2023-37519
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 6.0
Description: Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served by the BigFix Server.
References: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109376
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
46. CVE-2023-48723
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'rno' parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/gilels/
https://projectworlds.in/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
47. CVE-2023-37520
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 6.0
Description: Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix Relay.
References: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109376
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
48. CVE-2023-49084
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 6.0
Description: Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `link.php`. Impact of the vulnerability: execution of arbitrary code on the server.
References: https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp
CWE-ID: CWE-98
Common Platform Enumerations (CPE): Not Found
49. CVE-2023-49677
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/pollini/
https://www.kashipara.com/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
50. CVE-2023-49678
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtDesc' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/pollini/
https://www.kashipara.com/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
51. CVE-2023-49679
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtTitle' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/pollini/
https://www.kashipara.com/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
52. CVE-2023-49680
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtTotal' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/pollini/
https://www.kashipara.com/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
53. CVE-2023-49681
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/pollini/
https://www.kashipara.com/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
54. CVE-2023-49682
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtDate' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/pollini/
https://www.kashipara.com/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
55. CVE-2023-49683
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtDesc' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/pollini/
https://www.kashipara.com/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found