Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for May 27-28, 2024

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between May 27-28, 2024.
During this period, the National Vulnerability Database published 59 new Common Vulnerabilities and Exposures (CVEs), classified by severity as follows:

Critical: 2
High: 9
Medium: 21
Low: 3
Severity Not Assigned: 24

Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.

1. CVE-2024-5384
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability classified as critical was found in SourceCodester Facebook News Feed Like 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument page leads to sql injection. The attack can be initiated remotely. VDB-266302 is the identifier assigned to this vulnerability.
References: https://vuldb.com/?ctiid.266302
https://vuldb.com/?id.266302
https://vuldb.com/?submit.344502

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

2. CVE-2024-5399
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Openfind Mail2000 does not properly filter parameters of specific API. Remote attackers with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the remote server.
References: https://www.twcert.org.tw/tw/cp-132-7817-6ce29-1.html

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

3. CVE-2024-5400
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Openfind Mail2000 does not properly filter parameters of specific CGI. Remote attackers with regular privileges can exploit this vulnerability to execute arbitrary system commands on the remote server.
References: https://www.twcert.org.tw/tw/cp-132-7819-9661a-1.html

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

4. CVE-2024-26289
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion. This issue affects PMB: from 7.5.1 before 7.5.6-2, from 7.4.1 before 7.4.9, from 7.3.1 before 7.3.18.
References: https://forge.sigb.net/projects/pmb/files
https://github.com/enisaeu/CNW/blob/main/advisories/2024/CNW-2024-A-12.md

CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found

5. CVE-2024-5403
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: ASKEY 5G NR Small Cell fails to properly filter user input for certain functionality, allowing remote attackers with administrator privilege to execute arbitrary system commands on the remote server.
References: https://www.twcert.org.tw/tw/cp-132-7821-87e38-1.html

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

6. CVE-2024-5407
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure.
References: https://github.com/josepsanzcamp/RhinOS
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos

CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found

7. CVE-2024-5408
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Vulnerability in RhinOS 3.0-1190 consisting of an XSS through the "search" parameter of /portal/search.htm. This vulnerability could allow a remote attacker to steal details of a victim's user session by submitting a specially crafted URL.
References: https://github.com/josepsanzcamp/RhinOS
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

8. CVE-2024-5409
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in /admin/lib/phpthumb/phpthumb.php. An attacker could create a malicious URL and send it to a victim to obtain their session details.
References: https://github.com/josepsanzcamp/RhinOS
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

9. CVE-2024-35219
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the `outputFolder` option. The issue was fixed in version 7.6.0 by removing the usage of the `outputFolder` option. No known workarounds are available.
References: https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d
https://github.com/OpenAPITools/openapi-generator/pull/18652
https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found

10. CVE-2024-35231
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: rack-contrib provides contributed rack middleware and utilities for Rack, a Ruby web server interface. Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service due to the fact that the user controlled data `profiler_runs` was not constrained to any limitation. This would lead to allocating resources on the server side with no limitation and a potential denial of service by remotely user-controlled data. Version 2.5.0 contains a patch for the issue.
References: https://github.com/rack/rack-contrib/commit/0eec2a9836329051c6742549e65a94a4c24fe6f7
https://github.com/rack/rack-contrib/security/advisories/GHSA-8c8q-2xw3-j869

CWE-ID: CWE-770
Common Platform Enumerations (CPE): Not Found

11. CVE-2024-35237
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: MIT IdentiBot is an open-source Discord bot written in Node.js that verifies individuals' affiliations with MIT, grants them roles in a Discord server, and stores information about them in a database backend. A vulnerability that exists prior to commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e impacts all users who have performed verification with an instance of MIT IdentiBot that meets the following conditions: The instance of IdentiBot is tied to a "public" Discord application—i.e., users other than the API access registrant can add it to servers; *and* the instance has not yet been patched. In affected versions, IdentiBot does not check that a server is authorized before allowing members to execute slash and user commands in that server. As a result, any user can join IdentiBot to their server and then use commands (e.g., `/kerbid`) to reveal the full name and other information about a Discord user who has verified their affiliation with MIT using IdentiBot. The latest version of MIT IdentiBot contains a patch for this vulnerability (implemented in commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e). There is no way to prevent exploitation of the vulnerability without the patch. To prevent exploitation of the vulnerability, all vulnerable instances of IdentiBot should be taken offline until they have been updated.
References: https://github.com/ZelnickB/mit-identibot/commit/48e3e5e7ead6777fa75d57c7711c8e55b501c24e
https://github.com/ZelnickB/mit-identibot/security/advisories/GHSA-h8r9-7r8x-78v6

CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
