Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for June 17-18, 2024

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between June 17 and 18, 2024.
During this period, the National Vulnerability Database published 77 new Common Vulnerabilities and Exposures (CVEs), classified as follows:

Critical: 4
High: 9
Medium: 8
Low: 9
Severity Not Assigned: 47

Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.

1. CVE-2024-6042
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in itsourcecode Real Estate Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file property-detail.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-268766 is the identifier assigned to this vulnerability.
References: https://github.com/Cormac315/cve/issues/1
https://vuldb.com/?ctiid.268766
https://vuldb.com/?id.268766
https://vuldb.com/?submit.357851

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

2. CVE-2024-6043
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268767.
References: https://github.com/yezzzo/y3/blob/main/SourceCodester%20Best%20house%20rental%20management%20system%20project%20in%20php%201.0%20SQL%20Injection.md
https://vuldb.com/?ctiid.268767
https://vuldb.com/?id.268767
https://vuldb.com/?submit.358176

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

3. CVE-2024-6045
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware.
References: https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398
https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html
https://www.twcert.org.tw/tw/cp-132-7879-da630-1.html

CWE-ID: CWE-798 CWE-912
Common Platform Enumerations (CPE): Not Found

4. CVE-2024-6046
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
References: https://www.twcert.org.tw/en/cp-139-7882-998f5-2.html
https://www.twcert.org.tw/tw/cp-132-7881-f88ad-1.html

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

5. CVE-2024-6047
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
References: https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html
https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

6. CVE-2024-5650
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 6.0
Description: A DLL hijacking vulnerability has been found in the CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer on which the affected product is installed, or to access a shared folder, then by replacing the DLL file with a tampered one it is possible to execute arbitrary programs with the authority of the SYSTEM account.

The affected products and versions are as follows:
CENTUM CS 3000 R3.08.10 to R3.09.50
CENTUM VP R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, R6.01.00 to R6.11.10.
References: https://web-material3.yokogawa.com/1/36044/files/YSAR-24-0002-E.pdf

CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found

7. CVE-2024-6048
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email attachments. An unauthenticated remote attacker can exploit this vulnerability to inject system commands and execute them on the remote server.
References: https://www.twcert.org.tw/en/cp-139-7886-20b61-2.html
https://www.twcert.org.tw/tw/cp-132-7885-a8013-1.html

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

8. CVE-2024-37305
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of serialized hybrid (traditional + post-quantum) keys and signatures. Unchecked length values are later used for memory reads and writes; malformed input can lead to crashes or information leakage. Handling of plain/non-hybrid PQ key operation is not affected. This issue has been patched in v0.6.1. All users are advised to upgrade. There are no workarounds for this issue.
References: https://github.com/open-quantum-safe/oqs-provider/pull/416
https://github.com/open-quantum-safe/oqs-provider/security/advisories/GHSA-pqvr-5cr8-v6fx

CWE-ID: CWE-120 CWE-130 CWE-190 CWE-680 CWE-805
Common Platform Enumerations (CPE): Not Found

9. CVE-2024-37890
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in ws@8.17.1 (e55e510) and backported to ws@7.5.10 (22c2876), ws@6.2.3 (eeb76d3), and ws@5.2.4 (4abd8f6). In vulnerable versions of ws, the issue can be mitigated in the following ways: 1. Reduce the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options so that no more headers than the server.maxHeadersCount limit can be sent. 2. Set server.maxHeadersCount to 0 so that no limit is applied.
References: https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f
https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e
https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c
https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63
https://github.com/websockets/ws/issues/2230
https://github.com/websockets/ws/pull/2231
https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q
https://nodejs.org/api/http.html#servermaxheaderscount

CWE-ID: CWE-476
Common Platform Enumerations (CPE): Not Found

10. CVE-2024-37896
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin <= v2.6.5 has a SQL injection vulnerability. SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failing to properly enforce restrictions on user input could mean that even a basic form input field can be used to inject arbitrary and potentially dangerous SQL commands. This could lead to unauthorized access to the database, data leakage, data manipulation, or even complete compromise of the database server. This vulnerability has been addressed in commit `53d033821` which has been included in release version 2.6.6. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/flipped-aurora/gin-vue-admin/commit/53d03382188868464ade489ab0713b54392d227f
https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-gf3r-h744-mqgp

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

11. CVE-2024-37902
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: DeepJavaLibrary (DJL) is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model Inference containers version 0.27.0. Users are advised to upgrade.
References: https://github.com/deepjavalibrary/djl/releases/tag/v0.28.0
https://github.com/deepjavalibrary/djl/security/advisories/GHSA-w877-jfw7-46rj

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found

12. CVE-2024-6065
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument user_email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268793 was assigned to this vulnerability.
References: https://github.com/ppp-src/CVE/issues/4
https://vuldb.com/?ctiid.268793
https://vuldb.com/?id.268793
https://vuldb.com/?submit.358386

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

13. CVE-2024-6080
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-268822 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://vuldb.com/?ctiid.268822
https://vuldb.com/?id.268822
https://vuldb.com/?submit.353502

CWE-ID: CWE-428
Common Platform Enumerations (CPE): Not Found
