In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between January 04-05, 2024.
During this period, the National Vulnerability Database published 62 new Common Vulnerabilities and Exposures (CVEs), classified as follows:
Critical: 17
High: 8
Medium: 15
Low: 3
Severity Not Assigned: 19
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2022-2081
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which eventually if exploited causes an internal stack overflow in the HCI Modbus TCP function.
References: https://publisher.hitachienergy.com/preview?DocumentID=8DBD000111&LanguageCode=en&DocumentPartId=&Action=Launch
CWE-ID: CWE-120
Common Platform Enumerations (CPE): Not Found
2. CVE-2023-6944
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.2
Description: A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.
References: https://access.redhat.com/security/cve/CVE-2023-6944
https://bugzilla.redhat.com/show_bug.cgi?id=2255204
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
3. CVE-2021-40367
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing DICOM files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15097)
References: https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-688797
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
4. CVE-2021-42028
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14860)
References: https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-688797
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
5. CVE-2021-45465
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in a write-what-where condition and an attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15696)
References: https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-688797
CWE-ID: CWE-123
Common Platform Enumerations (CPE): Not Found
6. CVE-2023-49622
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'itemnameid' parameter of the material_bill.php?action=itemRelation resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/zimerman/
https://www.kashipara.com/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
7. CVE-2023-49624
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cancelid' parameter of the material_bill.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/zimerman/
https://www.kashipara.com/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
8. CVE-2023-49625
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partylist_edit_submit.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/zimerman/
https://www.kashipara.com/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
9. CVE-2023-49633
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'buyer_address' parameter of the buyer_detail_submit.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/zimerman/
https://www.kashipara.com/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
10. CVE-2023-49639
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'customer_details' parameter of the buyer_invoice_submit.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/zimerman/
https://www.kashipara.com/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
11. CVE-2023-49658
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bank_details' parameter of the party_submit.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/zimerman/
https://www.kashipara.com/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-49665
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'quantity[]' parameter of the submit_delivery_list.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/zimerman/
https://www.kashipara.com/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-49666
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'custmer_details' parameter of the submit_material_list.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/zimerman/
https://www.kashipara.com/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-50743
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/perahia/
https://www.kashipara.com/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-50752
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'e' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/perahia/
https://www.kashipara.com/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
16. CVE-2023-50753
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/update_profile.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/perahia/
https://www.kashipara.com/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
17. CVE-2023-50760
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.
References: https://fluidattacks.com/advisories/arrau/
https://www.kashipara.com/
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-50862
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/evans/
https://www.kashipara.com/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
19. CVE-2023-50863
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/evans/
https://www.kashipara.com/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
20. CVE-2023-50864
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/evans/
https://www.kashipara.com/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
21. CVE-2023-50865
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/evans/
https://www.kashipara.com/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
22. CVE-2023-50866
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/evans/
https://www.kashipara.com/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
23. CVE-2023-50867
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database.
References: https://fluidattacks.com/advisories/evans/
https://www.kashipara.com/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-21625
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the electron application are now being parsed and sanitized properly.
References: https://github.com/SideQuestVR/SideQuest/security/advisories/GHSA-3v86-cf9q-x4x7
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
25. CVE-2023-6270
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description: A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution.
References: https://access.redhat.com/security/cve/CVE-2023-6270
https://bugzilla.redhat.com/show_bug.cgi?id=2256786
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found