Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for January 13-14, 2024

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between January 13-14, 2024.
During this period, the National Vulnerability Database published 54 new Common Vulnerabilities and Exposures (CVEs), classified by severity as follows:

Critical: 0
High: 4
Medium: 27
Low: 6
Severity Not Assigned: 17

Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.

1. CVE-2024-22142
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS. This issue affects Profile Builder Pro: from n/a through 3.10.0.
References: https://patchstack.com/database/vulnerability/profile-builder-pro/wordpress-profile-builder-pro-plugin-3-10-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

2. CVE-2024-0479
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in Taokeyun up to 1.0.5. It has been classified as critical. Affected is the function login of the file application/index/controller/m/User.php of the component HTTP POST Request Handler. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250584.
References: https://note.zhaoj.in/share/Np0ZdyKEnVOV
https://vuldb.com/?ctiid.250584
https://vuldb.com/?id.250584

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

3. CVE-2024-0480
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in Taokeyun up to 1.0.5. It has been declared as critical. Affected by this vulnerability is the function index of the file application/index/controller/m/Drs.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250585 was assigned to this vulnerability.
References: https://note.zhaoj.in/share/0KtyJccrP3Ba
https://vuldb.com/?ctiid.250585
https://vuldb.com/?id.250585

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

4. CVE-2024-0510
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability, which was classified as critical, has been found in HaoKeKeJi YiQiNiu up to 3.1. Affected by this issue is the function http_post of the file /application/pay/controller/Api.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250652.
References: https://note.zhaoj.in/share/gBtNhBb39u9u
https://vuldb.com/?ctiid.250652
https://vuldb.com/?id.250652

CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
