Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for February 23-24, 2024

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between February 23-24, 2024.
During this period, the National Vulnerability Database published 132 new Common Vulnerabilities and Exposures (CVEs), classified as follows:

Critical: 1
High: 22
Medium: 23
Low: 4
Severity Not Assigned: 82

Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.

1. CVE-2024-1683
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 4.7
Description: A DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could allow for overriding of the configuration and running of new Secure Relay services.
References: https://www.tenable.com/security/tns-2024-03

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

2. CVE-2024-1783
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130/9.3.5u.6698_B20230810. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi of the component Web Interface. The manipulation of the argument http_host leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://gist.github.com/manishkumarr1017/30bca574e2f0a6d6336115ba71111984
https://vuldb.com/?ctiid.254574
https://vuldb.com/?id.254574

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

3. CVE-2024-1786
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DIR-600M C1 3.08. Affected by this issue is some unknown functionality of the component Telnet Service. The manipulation of the argument username leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254576. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
References: https://gist.github.com/dmknght/269d90e17713bbd34e48c50f5c5284a2
https://vuldb.com/?ctiid.254576
https://vuldb.com/?id.254576

CWE-ID: CWE-120
Common Platform Enumerations (CPE): Not Found

4. CVE-2024-22243
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.

References: https://spring.io/security/cve-2024-22243

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

5. CVE-2024-1776
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'form-id' parameter in all versions up to, and including, 1.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/admin-side-data-storage-for-contact-form-7/trunk/inc/admin/inc/settings.php#L301
https://www.wordfence.com/threat-intel/vulnerabilities/id/7bff8172-b879-40b0-a229-a54787baa38a?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

6. CVE-2024-25928
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sitepact. This issue affects Sitepact: from n/a through 1.0.5.
References: https://patchstack.com/database/vulnerability/sitepact-klaviyo-contact-form-7/wordpress-sitepact-s-contact-form-7-extension-for-klaviyo-plugin-1-0-5-reflected-xss-via-sql-injection-vulnerability?_s_id=cve

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

7. CVE-2024-1817
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and classified as critical. Affected by this vulnerability is the function dmlogin of the file indexDM_load.php of the component Cookie Handler. The manipulation of the argument is_admin with the input y leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254605 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://note.zhaoj.in/share/8gO8yxJ8aN51
https://vuldb.com/?ctiid.254605
https://vuldb.com/?id.254605

CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found

8. CVE-2024-1820
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in code-projects Crime Reporting System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file inchargelogin.php. The manipulation of the argument email/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254608.
References: https://github.com/jxp98/VulResearch/blob/main/2024/02/1Crime%20Reporting%20System%20-%20SQL%20Injection.md
https://vuldb.com/?ctiid.254608
https://vuldb.com/?id.254608

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

9. CVE-2024-1824
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability, which was classified as critical, has been found in CodeAstro House Rental Management System 1.0. Affected by this issue is some unknown functionality of the file signing.php. The manipulation of the argument uname/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254612.
References: https://docs.qq.com/doc/DYk9QcHVFRENObWtj
https://vuldb.com/?ctiid.254612
https://vuldb.com/?id.254612

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

10. CVE-2024-26150
Base Score: 8.7
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 5.8
Description: `@backstage/backend-common` is a common functionality library for backends for Backstage, an open platform for building developer portals. In `@backstage/backend-common` prior to versions 0.21.1, 0.20.2, and 0.19.10, paths checks with the `resolveSafeChildPath` utility were not exhaustive enough, leading to risk of path traversal vulnerabilities if symlinks can be injected by attackers. This issue is patched in `@backstage/backend-common` versions 0.21.1, 0.20.2, and 0.19.10.
References: https://github.com/backstage/backstage/commit/1ad2b1b61ebb430051f7d804b0cc7ebfe7922b6f
https://github.com/backstage/backstage/commit/78f892b3a84d63de2ba167928f171154c447b717
https://github.com/backstage/backstage/commit/edf65d7d31e027599c2415f597d085ee84807871
https://github.com/backstage/backstage/security/advisories/GHSA-2fc9-xpp8-2g9h

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found

11. CVE-2024-1826
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability has been found in code-projects Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file Source/librarian/user/student/login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-254614 is the identifier assigned to this vulnerability.
References: https://github.com/jxp98/VulResearch/blob/main/2024/02/3Library%20System%20In%20PHP%20-%20SQL%20Injection-student_login.md
https://vuldb.com/?ctiid.254614
https://vuldb.com/?id.254614

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

12. CVE-2024-1827
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in code-projects Library System 1.0 and classified as critical. This issue affects some unknown processing of the file Source/librarian/user/teacher/login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254615.
References: https://github.com/jxp98/VulResearch/blob/main/2024/02/3.2Library%20System%20In%20PHP%20-%20SQL%20Injection-teacher_login.md
https://vuldb.com/?ctiid.254615
https://vuldb.com/?id.254615

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

13. CVE-2024-1828
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in code-projects Library System 1.0. It has been classified as critical. Affected is an unknown function of the file Source/librarian/user/teacher/registration.php. The manipulation of the argument email/idno/phone/username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254616.
References: https://github.com/jxp98/VulResearch/blob/main/2024/02/3.3Library%20System%20In%20PHP%20-%20SQL%20Injection-teacher_reg.md
https://vuldb.com/?ctiid.254616
https://vuldb.com/?id.254616

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

14. CVE-2024-1829
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in code-projects Library System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Source/librarian/user/student/registration.php. The manipulation of the argument email/regno/phone/username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254617 was assigned to this vulnerability.
References: https://github.com/jxp98/VulResearch/blob/main/2024/02/3.4Library%20System%20In%20PHP%20-%20SQL%20Injection-student_reg.md
https://vuldb.com/?ctiid.254617
https://vuldb.com/?id.254617

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

15. CVE-2024-27318
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch added for CVE-2022-25882.

References: https://github.com/onnx/onnx/commit/66b7fb630903fdcf3e83b6b6d56d82e904264a20
https://security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found

16. CVE-2022-43842
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.7
Description: IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 239079.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/239079
https://www.ibm.com/support/pages/node/7122632

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

17. CVE-2024-1830
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file Source/librarian/user/student/lost-password.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254618 is the identifier assigned to this vulnerability.
References: https://github.com/jxp98/VulResearch/blob/main/2024/02/3.5Library%20System%20In%20PHP%20-%20SQL%20Injection-student_lostpass.md
https://vuldb.com/?ctiid.254618
https://vuldb.com/?id.254618

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

18. CVE-2024-1831
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability, which was classified as critical, was found in SourceCodester Complete File Management System 1.0. Affected is an unknown function of the file users/index.php of the component Login Form. The manipulation of the argument username with the input torada%27+or+%271%27+%3D+%271%27+--+- leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254622 is the identifier assigned to this vulnerability.
References: https://toradah.notion.site/Login-Bypass-via-SQL-injection-b1e45264f6104bc696836ade6e60fb98?pvs=4
https://vuldb.com/?ctiid.254622
https://vuldb.com/?id.254622

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

19. CVE-2024-1832
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability has been found in SourceCodester Complete File Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ of the component Admin Login Form. The manipulation of the argument username with the input torada%27+or+%271%27+%3D+%271%27+--+- leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254623.
References: https://toradah.notion.site/SQL-Injection-via-Admin-Login-Form-7372893848cb4bb996ae2c9effb0266a?pvs=25
https://vuldb.com/?ctiid.254623
https://vuldb.com/?id.254623

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

20. CVE-2024-1833
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in SourceCodester Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /Account/login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254624.
References: https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/employee-management-system.md#2accountloginphp
https://vuldb.com/?ctiid.254624
https://vuldb.com/?id.254624

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

21. CVE-2024-27132
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables.
References: https://github.com/mlflow/mlflow/pull/10873
https://research.jfrog.com/vulnerabilities/mlflow-untrusted-recipe-xss-jfsa-2024-000631930/

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

22. CVE-2024-27133
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields.
References: https://github.com/mlflow/mlflow/pull/10893
https://research.jfrog.com/vulnerabilities/mlflow-untrusted-dataset-xss-jfsa-2024-000631932/

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

23. CVE-2024-26192
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26192

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
