In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between May 18-19, 2024.
During this period, The National Vulnerability Database published 29, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 3
High: 8
Medium: 13
Low: 0
Severity Not Assigned: 5
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-4264
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the `eval` function unsafely in the `litellm.get_secret()` method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the `eval` function without any sanitization. Attackers can exploit this vulnerability by injecting malicious values into environment variables through the `/config/update` endpoint, which allows for the update of settings in `proxy_server_config.yaml`.
References: https://huntr.com/bounties/a3221b0c-6e25-4295-ab0f-042997e8fc61
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-3810
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.3 via the 'icon' shortcode 'image' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.
References: https://themeforest.net/item/salient-responsive-multipurpose-theme/4363266
https://www.wordfence.com/threat-intel/vulnerabilities/id/d1b3d4d5-9d2b-4924-a830-27c07fa1ba98?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-3812
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.7 via the 'nectar_icon' shortcode 'icon_linea' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.
References: https://themeforest.net/item/salient-responsive-multipurpose-theme/4363266
https://www.wordfence.com/threat-intel/vulnerabilities/id/ebd3b70e-a06a-4dcc-a6af-dbe64fd57c82?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-2771
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes it possible for unauthenticated attackers to grant users with Fluent Form management permissions which gives them access to all of the plugin's settings and features. This also makes it possible for unauthenticated attackers to delete manager accounts.
References: https://plugins.trac.wordpress.org/changeset/3088078/fluentform/trunk/app/Http/Policies/RoleManagerPolicy.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/071195d6-3452-4241-a8d3-92efc84e4850?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-2782
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including, 5.1.16. This makes it possible for unauthenticated attackers to modify all of the plugin's settings.
References: https://plugins.trac.wordpress.org/changeset/3088078/fluentform/trunk/app/Http/Policies/GlobalSettingsPolicy.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/0814e7b3-404a-4db5-b564-46c9086ec048?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-4709
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subject’ parameter in versions up to, and including, 5.1.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, and access granted by an administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References: https://plugins.trac.wordpress.org/browser/fluentform/trunk/app/Services/FormBuilder/Notifications/EmailNotification.php#L106
https://plugins.trac.wordpress.org/browser/fluentform/trunk/app/Services/FormBuilder/Notifications/EmailNotification.php#L164
https://plugins.trac.wordpress.org/browser/fluentform/trunk/app/Services/FormBuilder/Notifications/EmailNotification.php#L194
https://plugins.trac.wordpress.org/changeset/3088078/
https://www.wordfence.com/threat-intel/vulnerabilities/id/5fe317a6-a391-441a-aac8-c8fa57e73169?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-3658
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.21. This is due to missing authentication checking in the 'set_user_cart' function with the 'user_id' header value. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.
References: https://plugins.trac.wordpress.org/browser/build-app-online/tags/1.0.21/public/class-build-app-online-public.php#L814
https://www.wordfence.com/threat-intel/vulnerabilities/id/65d423ad-da51-4616-860d-2b9354d44147?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-3745
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64.sys driver, which leads to triggering vulnerabilities like CVE-2024-1443 and CVE-2024-1460 from a low privileged user.
References: https://fluidattacks.com/advisories/gershwin/
https://forums.guru3d.com/threads/msi-ab-rtss-development-news-thread.412822/page-227#post-6231456
https://forums.guru3d.com/threads/msi-ab-rtss-development-news-thread.412822/page-227#post-6231768
CWE-ID: CWE-863
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-31879
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/287539
https://www.ibm.com/support/pages/node/7154380
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-5093
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265072.
References: https://github.com/BurakSevben/CVEs/blob/main/House%20Rental%20Management%20System/House%20Rental%20Management%20System%20-%20Authentication%20Bypass.md
https://vuldb.com/?ctiid.265072
https://vuldb.com/?id.265072
https://vuldb.com/?submit.335712
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-5094
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This issue affects some unknown processing of the file view_payment.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265073 was assigned to this vulnerability.
References: https://github.com/BurakSevben/CVEs/blob/main/House%20Rental%20Management%20System/House%20Rental%20Management%20System%20-%20SQL%20Injection%20-%202.md
https://vuldb.com/?ctiid.265073
https://vuldb.com/?id.265073
https://vuldb.com/?submit.335714
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between May 18-19, 2024.
During this period, The National Vulnerability Database published 29, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 3
High: 8
Medium: 13
Low: 0
Severity Not Assigned: 5
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-4264
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the `eval` function unsafely in the `litellm.get_secret()` method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the `eval` function without any sanitization. Attackers can exploit this vulnerability by injecting malicious values into environment variables through the `/config/update` endpoint, which allows for the update of settings in `proxy_server_config.yaml`.
References: https://huntr.com/bounties/a3221b0c-6e25-4295-ab0f-042997e8fc61
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-3810
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.3 via the 'icon' shortcode 'image' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.
References: https://themeforest.net/item/salient-responsive-multipurpose-theme/4363266
https://www.wordfence.com/threat-intel/vulnerabilities/id/d1b3d4d5-9d2b-4924-a830-27c07fa1ba98?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-3812
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.7 via the 'nectar_icon' shortcode 'icon_linea' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.
References: https://themeforest.net/item/salient-responsive-multipurpose-theme/4363266
https://www.wordfence.com/threat-intel/vulnerabilities/id/ebd3b70e-a06a-4dcc-a6af-dbe64fd57c82?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-2771
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes it possible for unauthenticated attackers to grant users with Fluent Form management permissions which gives them access to all of the plugin's settings and features. This also makes it possible for unauthenticated attackers to delete manager accounts.
References: https://plugins.trac.wordpress.org/changeset/3088078/fluentform/trunk/app/Http/Policies/RoleManagerPolicy.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/071195d6-3452-4241-a8d3-92efc84e4850?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-2782
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including, 5.1.16. This makes it possible for unauthenticated attackers to modify all of the plugin's settings.
References: https://plugins.trac.wordpress.org/changeset/3088078/fluentform/trunk/app/Http/Policies/GlobalSettingsPolicy.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/0814e7b3-404a-4db5-b564-46c9086ec048?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-4709
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subject’ parameter in versions up to, and including, 5.1.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, and access granted by an administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References: https://plugins.trac.wordpress.org/browser/fluentform/trunk/app/Services/FormBuilder/Notifications/EmailNotification.php#L106
https://plugins.trac.wordpress.org/browser/fluentform/trunk/app/Services/FormBuilder/Notifications/EmailNotification.php#L164
https://plugins.trac.wordpress.org/browser/fluentform/trunk/app/Services/FormBuilder/Notifications/EmailNotification.php#L194
https://plugins.trac.wordpress.org/changeset/3088078/
https://www.wordfence.com/threat-intel/vulnerabilities/id/5fe317a6-a391-441a-aac8-c8fa57e73169?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-3658
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.21. This is due to missing authentication checking in the 'set_user_cart' function with the 'user_id' header value. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.
References: https://plugins.trac.wordpress.org/browser/build-app-online/tags/1.0.21/public/class-build-app-online-public.php#L814
https://www.wordfence.com/threat-intel/vulnerabilities/id/65d423ad-da51-4616-860d-2b9354d44147?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-3745
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64.sys driver, which leads to triggering vulnerabilities like CVE-2024-1443 and CVE-2024-1460 from a low privileged user.
References: https://fluidattacks.com/advisories/gershwin/
https://forums.guru3d.com/threads/msi-ab-rtss-development-news-thread.412822/page-227#post-6231456
https://forums.guru3d.com/threads/msi-ab-rtss-development-news-thread.412822/page-227#post-6231768
CWE-ID: CWE-863
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-31879
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/287539
https://www.ibm.com/support/pages/node/7154380
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-5093
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265072.
References: https://github.com/BurakSevben/CVEs/blob/main/House%20Rental%20Management%20System/House%20Rental%20Management%20System%20-%20Authentication%20Bypass.md
https://vuldb.com/?ctiid.265072
https://vuldb.com/?id.265072
https://vuldb.com/?submit.335712
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-5094
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This issue affects some unknown processing of the file view_payment.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265073 was assigned to this vulnerability.
References: https://github.com/BurakSevben/CVEs/blob/main/House%20Rental%20Management%20System/House%20Rental%20Management%20System%20-%20SQL%20Injection%20-%202.md
https://vuldb.com/?ctiid.265073
https://vuldb.com/?id.265073
https://vuldb.com/?submit.335714
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found