In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between March 26-27, 2024.
During this period, The National Vulnerability Database published 162, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 9
High: 45
Medium: 51
Low: 4
Severity Not Assigned: 53
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-0866
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: The Check & Log Email plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 1.0.9 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the attacker wishes to execute needs to have a nonce check, and the nonce needs to be known to the attacker. Furthermore, the absence of a capability check is a requirement.
References: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050794%40check-email&new=3050794%40check-email&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/9ae9307c-680c-43c7-8246-a3e6149c1fb6?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-29189
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 1.4
Impact Score: 5.9
Description: PyAnsys Geometry is a Python client library for the Ansys Geometry service and other CAD Ansys products. On file src/ansys/geometry/core/connection/product_instance.py, upon calling this method _start_program directly, users could exploit its usage to perform malicious operations on the current machine where the script is ran. This vulnerability is fixed in 0.3.3 and 0.4.12.
References: https://bandit.readthedocs.io/en/1.7.8/plugins/b602_subprocess_popen_with_shell_equals_true.html
https://github.com/ansys/pyansys-geometry/blob/52cba1737a8a7812e5430099f715fa2160ec007b/src/ansys/geometry/core/connection/product_instance.py#L403-L428
https://github.com/ansys/pyansys-geometry/commit/902071701c4f3a8258cbaa46c28dc0a65442d1bc
https://github.com/ansys/pyansys-geometry/commit/f82346b9432b06532e84f3278125f5879b4e9f3f
https://github.com/ansys/pyansys-geometry/pull/1076
https://github.com/ansys/pyansys-geometry/pull/1077
https://github.com/ansys/pyansys-geometry/security/advisories/GHSA-38jr-29fh-w9vm
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-49839
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KlbTheme Cosmetsy theme (core plugin), KlbTheme Partdo theme (core plugin), KlbTheme Bacola theme (core plugin), KlbTheme Medibazar theme (core plugin), KlbTheme Furnob theme (core plugin), KlbTheme Clotya theme (core plugin) allows Reflected XSS.This issue affects Cosmetsy theme (core plugin): from n/a through 1.3.0; Partdo theme (core plugin): from n/a through 1.0.9; Bacola theme (core plugin): from n/a through 1.3.3; Medibazar theme (core plugin): from n/a through 1.2.3; Furnob theme (core plugin): from n/a through 1.1.7; Clotya theme (core plugin): from n/a through 1.1.5.
References: https://patchstack.com/database/vulnerability/bacola-core/wordpress-bacola-core-plugin-1-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/clotya-core/wordpress-clotya-core-plugin-1-1-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/cosmetsy-core/wordpress-cosmetsy-core-plugin-1-3-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/furnob-core/wordpress-furnob-core-plugin-1-1-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/medibazar-core/wordpress-medibazar-core-plugin-1-2-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/partdo-core/wordpress-partdo-core-plugin-1-0-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
4. CVE-2023-6175
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file
References: https://gitlab.com/wireshark/wireshark/-/issues/19404
https://www.wireshark.org/security/wnpa-sec-2023-29.html
CWE-ID: CWE-120
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-23991
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPdevelop / Oplugins Booking Calendar allows SQL Injection.This issue affects Booking Calendar: from n/a through 9.4.3.
References: https://patchstack.com/database/vulnerability/booking/wordpress-booking-calendar-plugin-9-4-2-sql-injection?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
6. CVE-2023-33322
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Front End Users allows Reflected XSS.This issue affects Front End Users: from n/a before 3.2.25.
References: https://patchstack.com/database/vulnerability/front-end-only-users/wordpress-front-end-users-plugin-3-2-25-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
7. CVE-2023-45771
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contact Form With Captcha allows Reflected XSS.This issue affects Contact Form With Captcha: from n/a through 1.6.8.
References: https://patchstack.com/database/vulnerability/contact-form-with-captcha/wordpress-contact-form-with-captcha-plugin-1-6-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-30231
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.4.1.
References: https://patchstack.com/database/vulnerability/product-import-export-for-woo/wordpress-product-import-export-for-woocommerce-plugin-2-4-1-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-1933
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.2
Description: Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior Version 15.52 for macOS allows an attacker with unprivileged access, to potentially elevate privileges or conduct a denial-of-service-attack by overwriting the symlink.
References: https://www.teamviewer.com/de/resources/trust-center/security-bulletins/tv-2024-1002/
CWE-ID: CWE-61
Common Platform Enumerations (CPE): Not Found
10. CVE-2023-47150
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/270602
https://www.ibm.com/support/pages/node/7145168
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-2891
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. Affected is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257934 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/formQuickIndex.md
https://vuldb.com/?ctiid.257934
https://vuldb.com/?id.257934
https://vuldb.com/?submit.300354
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-41969
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.5
Description:
An arbitrary file deletion in ZSATrayManager where it protects the temporary encrypted ZApp issue reporting file from the unprivileged end user access and modification. Fixed version: Win ZApp 4.3.0 and later.
References: https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023
CWE-ID: CWE-59
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-41972
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.5
Description: In some rare cases, there is a password type validation missing in Revert Password check and for some features it could be disabled. Fixed Version: Win ZApp 4.3.0.121 and later.
References: https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Windows&applicable_version=4.3.0.121&deployment_date=2023-09-01&id=1463196
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-41973
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.5
Description: ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later.
References: https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Windows&applicable_version=4.3.0.121&deployment_date=2023-09-01&id=1463196
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-23482
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description: The ZScaler service is susceptible to a local privilege escalation vulnerability found in the ZScalerService process. Fixed Version: Mac ZApp 4.2.0.241 and later.
References: https://help.zscaler.com/client-connector/client-connector-app-release-summary-2024
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-21912
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description:
An arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. This is done by writing beyond the designated memory area, which causes an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
References: https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-21913
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description:
A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
References: https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html
CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-21918
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description:
A memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
References: https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-21919
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description:
An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
References: https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html
CWE-ID: CWE-824
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-2212
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.5
Description: In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet()
functions from the FreeRTOS compatibility API
(utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing
parameter checks. This could lead to integer wraparound,
under-allocations and heap buffer overflows.
References: https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-v9jj-7qjg-h6g6
CWE-ID: CWE-122 CWE-190
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-2214
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description: In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the
Xtensa port was missing an array size check causing a memory overwrite.
The affected file was ports/xtensa/xcc/src/tx_clib_lock.c
References: https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-vmp6-qhp9-r66x
CWE-ID: CWE-129
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-2452
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 4.7
Description: In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control
parameters of __portable_aligned_alloc() could cause an integer
wrap-around and an allocation smaller than expected. This could cause
subsequent heap buffer overflows.
References: https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-h963-7vhw-8rpx
CWE-ID: CWE-120 CWE-190
Common Platform Enumerations (CPE): Not Found
23. CVE-2024-2892
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257935. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/formSetCfm.md
https://vuldb.com/?ctiid.257935
https://vuldb.com/?id.257935
https://vuldb.com/?submit.300355
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-2929
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description:
A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
References: https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html
CWE-ID: CWE-119
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-2893
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257936. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/formSetDeviceName_devName.md
https://vuldb.com/?ctiid.257936
https://vuldb.com/?id.257936
https://vuldb.com/?submit.300356
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-2894
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. This affects the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257937 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/formSetQosBand.md
https://vuldb.com/?ctiid.257937
https://vuldb.com/?id.257937
https://vuldb.com/?submit.300357
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
27. CVE-2023-44989
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Insertion of Sensitive Information into Log File vulnerability in GSheetConnector CF7 Google Sheets Connector.This issue affects CF7 Google Sheets Connector: from n/a through 5.0.5.
References: https://patchstack.com/database/vulnerability/cf7-google-sheets-connector/wordpress-cf7-google-sheets-connector-plugin-5-0-5-sensitive-data-exposure-via-debug-log-vulnerability?_s_id=cve
CWE-ID: CWE-532
Common Platform Enumerations (CPE): Not Found
28. CVE-2024-2895
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability was found in Tenda AC7 15.03.06.44. It has been declared as critical. This vulnerability affects the function formWifiWpsOOB of the file /goform/WifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257938 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/formWifiWpsOOB.md
https://vuldb.com/?ctiid.257938
https://vuldb.com/?id.257938
https://vuldb.com/?submit.300358
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
29. CVE-2024-2896
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated as critical. This issue affects the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257939. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/formWifiWpsStart.md
https://vuldb.com/?ctiid.257939
https://vuldb.com/?id.257939
https://vuldb.com/?submit.300359
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
30. CVE-2024-2898
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability classified as critical was found in Tenda AC7 15.03.06.44. Affected by this vulnerability is the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257941 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/fromSetRouteStatic.md
https://vuldb.com/?ctiid.257941
https://vuldb.com/?id.257941
https://vuldb.com/?submit.300361
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
31. CVE-2024-2899
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability, which was classified as critical, has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257942 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/fromSetWirelessRepeat.md
https://vuldb.com/?ctiid.257942
https://vuldb.com/?id.257942
https://vuldb.com/?submit.300362
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
32. CVE-2023-23656
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension.This issue affects MainWP File Uploader Extension: from n/a through 4.1.
References: https://patchstack.com/database/vulnerability/mainwp-file-uploader-extension/wordpress-mainwp-file-uploader-extension-plugin-4-1-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
33. CVE-2023-27440
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Unrestricted Upload of File with Dangerous Type vulnerability in OnTheGoSystems Types.This issue affects Types: from n/a through 3.4.17.
References: https://patchstack.com/database/vulnerability/types/wordpress-toolset-types-plugin-3-4-17-authenticated-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
34. CVE-2023-27459
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 3.7
Description: Deserialization of Untrusted Data vulnerability in WPEverest User Registration.This issue affects User Registration: from n/a through 2.3.2.1.
References: https://patchstack.com/database/vulnerability/user-registration/wordpress-user-registration-plugin-2-3-2-1-authenticated-php-object-injection-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
35. CVE-2023-6091
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Unrestricted Upload of File with Dangerous Type vulnerability in mndpsingh287 Theme Editor.This issue affects Theme Editor: from n/a through 2.7.1.
References: https://patchstack.com/database/vulnerability/theme-editor/wordpress-theme-editor-plugin-2-7-1-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
36. CVE-2024-2900
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. This affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument deviceId/time/urls leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257943. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/saveParentControlInfo_deviceId.md
https://vuldb.com/?ctiid.257943
https://vuldb.com/?id.257943
https://vuldb.com/?submit.300364
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
37. CVE-2024-2901
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedEndTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257944. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/setSchedWifi.md
https://vuldb.com/?ctiid.257944
https://vuldb.com/?id.257944
https://vuldb.com/?submit.300367
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
38. CVE-2024-2902
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257945 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/fromSetWifiGusetBasic.md
https://vuldb.com/?ctiid.257945
https://vuldb.com/?id.257945
https://vuldb.com/?submit.300449
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
39. CVE-2024-2955
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file
References: https://gitlab.com/wireshark/wireshark/-/issues/19695
https://www.wireshark.org/security/wnpa-sec-2024-06.html
CWE-ID: CWE-762
Common Platform Enumerations (CPE): Not Found
40. CVE-2023-28687
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perfectwpthemes Glaze Blog Lite, themebeez Fascinate, themebeez Cream Blog, themebeez Cream Magazine allows Reflected XSS.This issue affects Glaze Blog Lite: from n/a through <= 1.1.4; Fascinate: from n/a through 1.0.8; Cream Blog: from n/a through 2.1.3; Cream Magazine: from n/a through 2.1.4.
References: https://patchstack.com/database/vulnerability/cream-blog/wordpress-cream-blog-theme-2-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/cream-magazine/wordpress-cream-magazine-theme-2-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/fascinate/wordpress-fascinate-theme-1-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/glaze-blog-lite/wordpress-glaze-blog-lite-theme-1-1-4-cross-site-scripting-xss-vulnerability
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
41. CVE-2023-28787
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.4.
References: https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-1-4-unauthenticated-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
42. CVE-2023-29386
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon.This issue affects Manager for Icomoon: from n/a through 2.0.
References: https://patchstack.com/database/vulnerability/manager-for-icomoon/wordpress-manager-for-icommon-plugin-2-0-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
43. CVE-2023-38388
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core.This issue affects JupiterX Core: from n/a through 3.3.5.
References: https://patchstack.com/database/vulnerability/jupiterx-core/wordpress-jupiter-x-core-plugin-3-3-0-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
44. CVE-2023-39307
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.
References: https://patchstack.com/database/vulnerability/avada/wordpress-avada-theme-7-11-1-authenticated-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
45. CVE-2023-47842
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0.
References: https://patchstack.com/database/vulnerability/catablog/wordpress-catablog-plugin-1-7-0-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
46. CVE-2023-47846
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Terry Lin WP Githuber MD.This issue affects WP Githuber MD: from n/a through 1.16.2.
References: https://patchstack.com/database/vulnerability/wp-githuber-md/wordpress-wp-githuber-md-plugin-1-16-2-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
47. CVE-2023-47873
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.This issue affects WP Child Theme Generator: from n/a through 1.0.9.
References: https://patchstack.com/database/vulnerability/wp-child-theme-generator/wordpress-wp-child-theme-generator-plugin-1-0-8-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
48. CVE-2023-48275
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Trustindex.Io Widgets for Google Reviews.This issue affects Widgets for Google Reviews: from n/a through 11.0.2.
References: https://patchstack.com/database/vulnerability/wp-reviews-plugin-for-google/wordpress-widgets-for-google-reviews-plugin-11-0-2-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
49. CVE-2023-48777
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1.
References: https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-18-0-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
50. CVE-2024-2903
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257946 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/GetParentControlInfo.md
https://vuldb.com/?ctiid.257946
https://vuldb.com/?id.257946
https://vuldb.com/?submit.300452
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
51. CVE-2024-2909
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability classified as critical was found in Ruijie RG-EG350 up to 20240318. Affected by this vulnerability is the function setAction of the file /itbox_pi/networksafe.php?a=set of the component HTTP POST Request Handler. The manipulation of the argument bandwidth leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257977 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://h0e4a0r1t.github.io/2024/vulns/Ruijie%20EG350%20Easy%20Gateway%20Management%20System%20Exists%20Remote%20Code%20Execution%20Vulnerability%20networksafe.php.pdf
https://vuldb.com/?ctiid.257977
https://vuldb.com/?id.257977
https://vuldb.com/?submit.300368
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
52. CVE-2024-25136
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content.
References: https://https://www.cisa.gov/news-events/ics-advisories/icsa-24-086-01
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
53. CVE-2024-2916
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in Campcodes House Rental Management System 1.0. It has been classified as critical. Affected is an unknown function of the file ajax.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257982 is the identifier assigned to this vulnerability.
References: https://github.com/E1CHO/cve_hub/blob/main/House%20Rental%20Management%20System%20-%20vuln%201.pdf
https://vuldb.com/?ctiid.257982
https://vuldb.com/?id.257982
https://vuldb.com/?submit.303671
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
54. CVE-2024-2927
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in code-projects Mobile Shop 1.0. It has been classified as critical. Affected is an unknown function of the file Details.php of the component Login Page. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258000.
References: https://vuldb.com/?ctiid.258000
https://vuldb.com/?id.258000
https://vuldb.com/?submit.304053
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between March 26-27, 2024.
During this period, The National Vulnerability Database published 162, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 9
High: 45
Medium: 51
Low: 4
Severity Not Assigned: 53
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-0866
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: The Check & Log Email plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 1.0.9 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the attacker wishes to execute needs to have a nonce check, and the nonce needs to be known to the attacker. Furthermore, the absence of a capability check is a requirement.
References: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050794%40check-email&new=3050794%40check-email&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/9ae9307c-680c-43c7-8246-a3e6149c1fb6?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-29189
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 1.4
Impact Score: 5.9
Description: PyAnsys Geometry is a Python client library for the Ansys Geometry service and other CAD Ansys products. On file src/ansys/geometry/core/connection/product_instance.py, upon calling this method _start_program directly, users could exploit its usage to perform malicious operations on the current machine where the script is ran. This vulnerability is fixed in 0.3.3 and 0.4.12.
References: https://bandit.readthedocs.io/en/1.7.8/plugins/b602_subprocess_popen_with_shell_equals_true.html
https://github.com/ansys/pyansys-geometry/blob/52cba1737a8a7812e5430099f715fa2160ec007b/src/ansys/geometry/core/connection/product_instance.py#L403-L428
https://github.com/ansys/pyansys-geometry/commit/902071701c4f3a8258cbaa46c28dc0a65442d1bc
https://github.com/ansys/pyansys-geometry/commit/f82346b9432b06532e84f3278125f5879b4e9f3f
https://github.com/ansys/pyansys-geometry/pull/1076
https://github.com/ansys/pyansys-geometry/pull/1077
https://github.com/ansys/pyansys-geometry/security/advisories/GHSA-38jr-29fh-w9vm
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-49839
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KlbTheme Cosmetsy theme (core plugin), KlbTheme Partdo theme (core plugin), KlbTheme Bacola theme (core plugin), KlbTheme Medibazar theme (core plugin), KlbTheme Furnob theme (core plugin), KlbTheme Clotya theme (core plugin) allows Reflected XSS.This issue affects Cosmetsy theme (core plugin): from n/a through 1.3.0; Partdo theme (core plugin): from n/a through 1.0.9; Bacola theme (core plugin): from n/a through 1.3.3; Medibazar theme (core plugin): from n/a through 1.2.3; Furnob theme (core plugin): from n/a through 1.1.7; Clotya theme (core plugin): from n/a through 1.1.5.
References: https://patchstack.com/database/vulnerability/bacola-core/wordpress-bacola-core-plugin-1-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/clotya-core/wordpress-clotya-core-plugin-1-1-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/cosmetsy-core/wordpress-cosmetsy-core-plugin-1-3-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/furnob-core/wordpress-furnob-core-plugin-1-1-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/medibazar-core/wordpress-medibazar-core-plugin-1-2-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/partdo-core/wordpress-partdo-core-plugin-1-0-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
4. CVE-2023-6175
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file
References: https://gitlab.com/wireshark/wireshark/-/issues/19404
https://www.wireshark.org/security/wnpa-sec-2023-29.html
CWE-ID: CWE-120
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-23991
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPdevelop / Oplugins Booking Calendar allows SQL Injection.This issue affects Booking Calendar: from n/a through 9.4.3.
References: https://patchstack.com/database/vulnerability/booking/wordpress-booking-calendar-plugin-9-4-2-sql-injection?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
6. CVE-2023-33322
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Front End Users allows Reflected XSS.This issue affects Front End Users: from n/a before 3.2.25.
References: https://patchstack.com/database/vulnerability/front-end-only-users/wordpress-front-end-users-plugin-3-2-25-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
7. CVE-2023-45771
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contact Form With Captcha allows Reflected XSS.This issue affects Contact Form With Captcha: from n/a through 1.6.8.
References: https://patchstack.com/database/vulnerability/contact-form-with-captcha/wordpress-contact-form-with-captcha-plugin-1-6-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-30231
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.4.1.
References: https://patchstack.com/database/vulnerability/product-import-export-for-woo/wordpress-product-import-export-for-woocommerce-plugin-2-4-1-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-1933
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.2
Description: Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior Version 15.52 for macOS allows an attacker with unprivileged access, to potentially elevate privileges or conduct a denial-of-service-attack by overwriting the symlink.
References: https://www.teamviewer.com/de/resources/trust-center/security-bulletins/tv-2024-1002/
CWE-ID: CWE-61
Common Platform Enumerations (CPE): Not Found
10. CVE-2023-47150
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/270602
https://www.ibm.com/support/pages/node/7145168
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-2891
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. Affected is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257934 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/formQuickIndex.md
https://vuldb.com/?ctiid.257934
https://vuldb.com/?id.257934
https://vuldb.com/?submit.300354
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-41969
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.5
Description:
An arbitrary file deletion in ZSATrayManager where it protects the temporary encrypted ZApp issue reporting file from the unprivileged end user access and modification. Fixed version: Win ZApp 4.3.0 and later.
References: https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023
CWE-ID: CWE-59
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-41972
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.5
Description: In some rare cases, there is a password type validation missing in Revert Password check and for some features it could be disabled. Fixed Version: Win ZApp 4.3.0.121 and later.
References: https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Windows&applicable_version=4.3.0.121&deployment_date=2023-09-01&id=1463196
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-41973
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.5
Description: ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later.
References: https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=Windows&applicable_version=4.3.0.121&deployment_date=2023-09-01&id=1463196
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-23482
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description: The ZScaler service is susceptible to a local privilege escalation vulnerability found in the ZScalerService process. Fixed Version: Mac ZApp 4.2.0.241 and later.
References: https://help.zscaler.com/client-connector/client-connector-app-release-summary-2024
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-21912
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description:
An arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. This is done by writing beyond the designated memory area, which causes an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
References: https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-21913
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description:
A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
References: https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html
CWE-ID: CWE-122
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-21918
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description:
A memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
References: https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html
CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-21919
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description:
An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
References: https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html
CWE-ID: CWE-824
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-2212
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.5
Description: In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet()
functions from the FreeRTOS compatibility API
(utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing
parameter checks. This could lead to integer wraparound,
under-allocations and heap buffer overflows.
References: https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-v9jj-7qjg-h6g6
CWE-ID: CWE-122 CWE-190
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-2214
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.9
Description: In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the
Xtensa port was missing an array size check causing a memory overwrite.
The affected file was ports/xtensa/xcc/src/tx_clib_lock.c
References: https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-vmp6-qhp9-r66x
CWE-ID: CWE-129
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-2452
Base Score: 7.0
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 4.7
Description: In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control
parameters of __portable_aligned_alloc() could cause an integer
wrap-around and an allocation smaller than expected. This could cause
subsequent heap buffer overflows.
References: https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-h963-7vhw-8rpx
CWE-ID: CWE-120 CWE-190
Common Platform Enumerations (CPE): Not Found
23. CVE-2024-2892
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257935. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/formSetCfm.md
https://vuldb.com/?ctiid.257935
https://vuldb.com/?id.257935
https://vuldb.com/?submit.300355
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-2929
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description:
A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
References: https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html
CWE-ID: CWE-119
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-2893
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257936. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/formSetDeviceName_devName.md
https://vuldb.com/?ctiid.257936
https://vuldb.com/?id.257936
https://vuldb.com/?submit.300356
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-2894
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. This affects the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257937 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/formSetQosBand.md
https://vuldb.com/?ctiid.257937
https://vuldb.com/?id.257937
https://vuldb.com/?submit.300357
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
27. CVE-2023-44989
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Insertion of Sensitive Information into Log File vulnerability in GSheetConnector CF7 Google Sheets Connector.This issue affects CF7 Google Sheets Connector: from n/a through 5.0.5.
References: https://patchstack.com/database/vulnerability/cf7-google-sheets-connector/wordpress-cf7-google-sheets-connector-plugin-5-0-5-sensitive-data-exposure-via-debug-log-vulnerability?_s_id=cve
CWE-ID: CWE-532
Common Platform Enumerations (CPE): Not Found
28. CVE-2024-2895
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability was found in Tenda AC7 15.03.06.44. It has been declared as critical. This vulnerability affects the function formWifiWpsOOB of the file /goform/WifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257938 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/formWifiWpsOOB.md
https://vuldb.com/?ctiid.257938
https://vuldb.com/?id.257938
https://vuldb.com/?submit.300358
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
29. CVE-2024-2896
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated as critical. This issue affects the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257939. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/formWifiWpsStart.md
https://vuldb.com/?ctiid.257939
https://vuldb.com/?id.257939
https://vuldb.com/?submit.300359
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
30. CVE-2024-2898
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability classified as critical was found in Tenda AC7 15.03.06.44. Affected by this vulnerability is the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257941 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/fromSetRouteStatic.md
https://vuldb.com/?ctiid.257941
https://vuldb.com/?id.257941
https://vuldb.com/?submit.300361
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
31. CVE-2024-2899
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability, which was classified as critical, has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257942 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/fromSetWirelessRepeat.md
https://vuldb.com/?ctiid.257942
https://vuldb.com/?id.257942
https://vuldb.com/?submit.300362
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
32. CVE-2023-23656
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension.This issue affects MainWP File Uploader Extension: from n/a through 4.1.
References: https://patchstack.com/database/vulnerability/mainwp-file-uploader-extension/wordpress-mainwp-file-uploader-extension-plugin-4-1-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
33. CVE-2023-27440
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Unrestricted Upload of File with Dangerous Type vulnerability in OnTheGoSystems Types.This issue affects Types: from n/a through 3.4.17.
References: https://patchstack.com/database/vulnerability/types/wordpress-toolset-types-plugin-3-4-17-authenticated-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
34. CVE-2023-27459
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 3.7
Description: Deserialization of Untrusted Data vulnerability in WPEverest User Registration.This issue affects User Registration: from n/a through 2.3.2.1.
References: https://patchstack.com/database/vulnerability/user-registration/wordpress-user-registration-plugin-2-3-2-1-authenticated-php-object-injection-vulnerability?_s_id=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
35. CVE-2023-6091
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Unrestricted Upload of File with Dangerous Type vulnerability in mndpsingh287 Theme Editor.This issue affects Theme Editor: from n/a through 2.7.1.
References: https://patchstack.com/database/vulnerability/theme-editor/wordpress-theme-editor-plugin-2-7-1-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
36. CVE-2024-2900
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. This affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument deviceId/time/urls leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257943. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/saveParentControlInfo_deviceId.md
https://vuldb.com/?ctiid.257943
https://vuldb.com/?id.257943
https://vuldb.com/?submit.300364
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
37. CVE-2024-2901
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedEndTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257944. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/setSchedWifi.md
https://vuldb.com/?ctiid.257944
https://vuldb.com/?id.257944
https://vuldb.com/?submit.300367
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
38. CVE-2024-2902
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257945 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/fromSetWifiGusetBasic.md
https://vuldb.com/?ctiid.257945
https://vuldb.com/?id.257945
https://vuldb.com/?submit.300449
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
39. CVE-2024-2955
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file
References: https://gitlab.com/wireshark/wireshark/-/issues/19695
https://www.wireshark.org/security/wnpa-sec-2024-06.html
CWE-ID: CWE-762
Common Platform Enumerations (CPE): Not Found
40. CVE-2023-28687
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perfectwpthemes Glaze Blog Lite, themebeez Fascinate, themebeez Cream Blog, themebeez Cream Magazine allows Reflected XSS.This issue affects Glaze Blog Lite: from n/a through <= 1.1.4; Fascinate: from n/a through 1.0.8; Cream Blog: from n/a through 2.1.3; Cream Magazine: from n/a through 2.1.4.
References: https://patchstack.com/database/vulnerability/cream-blog/wordpress-cream-blog-theme-2-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/cream-magazine/wordpress-cream-magazine-theme-2-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/fascinate/wordpress-fascinate-theme-1-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/glaze-blog-lite/wordpress-glaze-blog-lite-theme-1-1-4-cross-site-scripting-xss-vulnerability
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
41. CVE-2023-28787
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.4.
References: https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-1-4-unauthenticated-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
42. CVE-2023-29386
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon.This issue affects Manager for Icomoon: from n/a through 2.0.
References: https://patchstack.com/database/vulnerability/manager-for-icomoon/wordpress-manager-for-icommon-plugin-2-0-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
43. CVE-2023-38388
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core.This issue affects JupiterX Core: from n/a through 3.3.5.
References: https://patchstack.com/database/vulnerability/jupiterx-core/wordpress-jupiter-x-core-plugin-3-3-0-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
44. CVE-2023-39307
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.
References: https://patchstack.com/database/vulnerability/avada/wordpress-avada-theme-7-11-1-authenticated-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
45. CVE-2023-47842
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0.
References: https://patchstack.com/database/vulnerability/catablog/wordpress-catablog-plugin-1-7-0-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
46. CVE-2023-47846
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Terry Lin WP Githuber MD.This issue affects WP Githuber MD: from n/a through 1.16.2.
References: https://patchstack.com/database/vulnerability/wp-githuber-md/wordpress-wp-githuber-md-plugin-1-16-2-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
47. CVE-2023-47873
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.This issue affects WP Child Theme Generator: from n/a through 1.0.9.
References: https://patchstack.com/database/vulnerability/wp-child-theme-generator/wordpress-wp-child-theme-generator-plugin-1-0-8-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
48. CVE-2023-48275
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Trustindex.Io Widgets for Google Reviews.This issue affects Widgets for Google Reviews: from n/a through 11.0.2.
References: https://patchstack.com/database/vulnerability/wp-reviews-plugin-for-google/wordpress-widgets-for-google-reviews-plugin-11-0-2-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
49. CVE-2023-48777
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1.
References: https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-18-0-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
50. CVE-2024-2903
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257946 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/GetParentControlInfo.md
https://vuldb.com/?ctiid.257946
https://vuldb.com/?id.257946
https://vuldb.com/?submit.300452
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
51. CVE-2024-2909
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability classified as critical was found in Ruijie RG-EG350 up to 20240318. Affected by this vulnerability is the function setAction of the file /itbox_pi/networksafe.php?a=set of the component HTTP POST Request Handler. The manipulation of the argument bandwidth leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257977 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://h0e4a0r1t.github.io/2024/vulns/Ruijie%20EG350%20Easy%20Gateway%20Management%20System%20Exists%20Remote%20Code%20Execution%20Vulnerability%20networksafe.php.pdf
https://vuldb.com/?ctiid.257977
https://vuldb.com/?id.257977
https://vuldb.com/?submit.300368
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
52. CVE-2024-25136
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description:
There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content.
References: https://https://www.cisa.gov/news-events/ics-advisories/icsa-24-086-01
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
53. CVE-2024-2916
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in Campcodes House Rental Management System 1.0. It has been classified as critical. Affected is an unknown function of the file ajax.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257982 is the identifier assigned to this vulnerability.
References: https://github.com/E1CHO/cve_hub/blob/main/House%20Rental%20Management%20System%20-%20vuln%201.pdf
https://vuldb.com/?ctiid.257982
https://vuldb.com/?id.257982
https://vuldb.com/?submit.303671
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
54. CVE-2024-2927
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in code-projects Mobile Shop 1.0. It has been classified as critical. Affected is an unknown function of the file Details.php of the component Login Page. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258000.
References: https://vuldb.com/?ctiid.258000
https://vuldb.com/?id.258000
https://vuldb.com/?submit.304053
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found