Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for May 30-31, 2024

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database on May 30-31, 2024.
During this period, the National Vulnerability Database published 184 new Common Vulnerabilities and Exposures (CVEs), classified as follows:

Critical: 3
High: 7
Medium: 38
Low: 2
Severity Not Assigned: 134

Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.

1. CVE-2024-5514
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without being recorded in the system logs.
References: https://www.twcert.org.tw/tw/cp-132-7828-c08b8-1.html

CWE-ID: CWE-798 CWE-912
Common Platform Enumerations (CPE): Not Found

2. CVE-2024-5207
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications plugin for WordPress is vulnerable to time-based SQL Injection via the selected parameter in all versions up to, and including, 2.9.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator access or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/post-smtp/trunk/Postman/Postman-Email-Log/PostmanEmailQueryLog.php?rev=2974258#L262
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3094453%40post-smtp%2Ftrunk&old=3090744%40post-smtp%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/103db583-9399-4a45-a316-808b55fc6a6c?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

3. CVE-2024-5326
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postx_presets_callback' function in all versions up to, and including, 4.1.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator.
References: https://plugins.trac.wordpress.org/browser/ultimate-post/trunk/classes/Styles.php#L160
https://plugins.trac.wordpress.org/browser/ultimate-post/trunk/classes/Styles.php#L177
https://plugins.trac.wordpress.org/changeset/3093815/
https://www.wordfence.com/threat-intel/vulnerabilities/id/07a3db33-3787-4b63-835d-8e3026206842?source=cve

CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found

4. CVE-2024-3584
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as `/root/poc.txt`. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0.
References: https://github.com/qdrant/qdrant/commit/15479a45ffa3b955485ae516696f7e933a8cce8a
https://huntr.com/bounties/5c7c82e2-4873-40b7-a5f3-0f4a42642f73

CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found

5. CVE-2024-5517
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file changepwd.php. The manipulation of the argument useremail leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266588.
References: https://github.com/ppp-src/ha/issues/4
https://vuldb.com/?ctiid.266588
https://vuldb.com/?id.266588
https://vuldb.com/?submit.346225

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

6. CVE-2024-3300
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution.
References: https://www.3ds.com/vulnerability/advisories

CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found

7. CVE-2024-3301
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 6.0
Description: An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution.
References: https://www.3ds.com/vulnerability/advisories

CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found

8. CVE-2024-5519
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument user_email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-266590 is the identifier assigned to this vulnerability.
References: https://github.com/L1OudFd8cl09/CVE/issues/2
https://vuldb.com/?ctiid.266590
https://vuldb.com/?id.266590
https://vuldb.com/?submit.346310

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

9. CVE-2024-34171
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Fuji Electric Monitouch V-SFT is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

10. CVE-2024-5271
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a type confusion, which could result in arbitrary code execution.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02

CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
