In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between June 24-25, 2024.
During this period, The National Vulnerability Database published 98, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 7
High: 9
Medium: 16
Low: 0
Severity Not Assigned: 66
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-4499
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. The vulnerability allows attackers to perform unauthorized actions by tricking a user into visiting a malicious webpage, which can then trigger arbitrary LoLLMS-XTTS API requests. This issue can lead to the reading and writing of audio files and, when combined with other vulnerabilities, could allow for the reading of arbitrary files on the system and writing files outside the permitted audio file location.
References: https://huntr.com/bounties/336cd0eb-eb47-450d-9b2c-9332f69af65a
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-5683
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM Software Business Process Manangement (BPM) allows Remote Code Inclusion.This issue affects Business Process Manangement (BPM): from 6.6.4.4 before 6.6.4.5.
References: https://www.usom.gov.tr/bildirim/tr-24-0739
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-37089
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0.
References: https://patchstack.com/database/vulnerability/consulting-elementor-widgets/wordpress-consulting-elementor-widgets-plugin-1-3-0-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-37091
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0.
References: https://patchstack.com/database/vulnerability/consulting-elementor-widgets/wordpress-consulting-elementor-widgets-plugin-1-3-0-remote-code-execution-rce-vulnerability?_s_id=cve
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-37092
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 6.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0.
References: https://patchstack.com/database/vulnerability/consulting-elementor-widgets/wordpress-consulting-elementor-widgets-plugin-1-3-0-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-37107
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.This issue affects WishList Member X: from n/a through 3.25.1.
References: https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-authenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-37109
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection.This issue affects WishList Member X: from n/a through 3.25.1.
References: https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-authenticated-arbitrary-php-code-execution-vulnerability?_s_id=cve
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-37111
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing Authorization vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a through 3.25.1.
References: https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-unauthenticated-denial-of-service-attack-vulnerability?_s_id=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-37228
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through 0.1.0.38.
References: https://patchstack.com/database/vulnerability/instawp-connect/wordpress-instawp-connect-plugin-0-1-0-38-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-37231
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.This issue affects Salon booking system: from n/a through 9.9.
References: https://patchstack.com/database/vulnerability/salon-booking-system/wordpress-salon-booking-system-plugin-9-9-arbitrary-file-deletion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-5862
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Improper Restriction of Excessive Authentication Attempts vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Interface Manipulation.This issue affects Mia-Med Health Aplication: before 1.0.14.
References: https://www.usom.gov.tr/bildirim/tr-24-0765
CWE-ID: CWE-307
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-4748
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server.
The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which would send such a malicious request to the locally launched server.
References: https://cert.pl/en/posts/2024/06/CVE-2024-4748
https://cert.pl/posts/2024/06/CVE-2024-4748
https://github.com/jan-vandenberg/cruddiy/issues/67
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-6285
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description: Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-trusted-firmware.
An integer underflow in image range check calculations could lead to bypassing address restrictions and loading of images to unallowed addresses.
References: https://asrg.io/security-advisories/cve-2024-6285/
https://github.com/renesas-rcar/arm-trusted-firmware/commit/b596f580637bae919b0ac3a5471422a1f756db3b
CWE-ID: CWE-191
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-6287
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description: Incorrect Calculation vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code.
When checking whether a new image invades/overlaps with a previously loaded image the code neglects to consider a few cases. that could An attacker to bypass memory range restriction and overwrite an already loaded image partly or completely, which could result in code execution and bypass of secure boot.
References: https://asrg.io/security-advisories/cve-2024-6287/
https://github.com/renesas-rcar/arm-trusted-firmware/commit/954d488a9798f8fda675c6b57c571b469b298f04
CWE-ID: CWE-682
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-38369
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The content of a document included using `{{include reference="targetdocument"/}}` is executed with the right of the includer and not with the right of its author. This means that any user able to modify the target document can impersonate the author of the content which used the `include` macro. This vulnerability has been patched in XWiki 15.0 RC1 by making the default behavior safe.
References: https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qcj3-wpgm-qpxh
CWE-ID: CWE-863
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-38373
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 5.8
Description: FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the actual domain name length, could cause the parser to read beyond the DNS response buffer. This issue affects applications using DNS functionality of the FreeRTOS-Plus-TCP stack. Applications that do not use DNS functionality are not affected, even when the DNS functionality is enabled. This vulnerability has been patched in version 4.1.1.
References: https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.1.1
https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/security/advisories/GHSA-ppcp-rg65-58mv
CWE-ID: CWE-126
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between June 24-25, 2024.
During this period, The National Vulnerability Database published 98, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 7
High: 9
Medium: 16
Low: 0
Severity Not Assigned: 66
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-4499
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.7
Description: A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. The vulnerability allows attackers to perform unauthorized actions by tricking a user into visiting a malicious webpage, which can then trigger arbitrary LoLLMS-XTTS API requests. This issue can lead to the reading and writing of audio files and, when combined with other vulnerabilities, could allow for the reading of arbitrary files on the system and writing files outside the permitted audio file location.
References: https://huntr.com/bounties/336cd0eb-eb47-450d-9b2c-9332f69af65a
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-5683
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM Software Business Process Manangement (BPM) allows Remote Code Inclusion.This issue affects Business Process Manangement (BPM): from 6.6.4.4 before 6.6.4.5.
References: https://www.usom.gov.tr/bildirim/tr-24-0739
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-37089
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.2
Impact Score: 6.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0.
References: https://patchstack.com/database/vulnerability/consulting-elementor-widgets/wordpress-consulting-elementor-widgets-plugin-1-3-0-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-37091
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0.
References: https://patchstack.com/database/vulnerability/consulting-elementor-widgets/wordpress-consulting-elementor-widgets-plugin-1-3-0-remote-code-execution-rce-vulnerability?_s_id=cve
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-37092
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 6.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0.
References: https://patchstack.com/database/vulnerability/consulting-elementor-widgets/wordpress-consulting-elementor-widgets-plugin-1-3-0-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-37107
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.This issue affects WishList Member X: from n/a through 3.25.1.
References: https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-authenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-37109
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection.This issue affects WishList Member X: from n/a through 3.25.1.
References: https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-authenticated-arbitrary-php-code-execution-vulnerability?_s_id=cve
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-37111
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing Authorization vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a through 3.25.1.
References: https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-unauthenticated-denial-of-service-attack-vulnerability?_s_id=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-37228
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through 0.1.0.38.
References: https://patchstack.com/database/vulnerability/instawp-connect/wordpress-instawp-connect-plugin-0-1-0-38-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-37231
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.This issue affects Salon booking system: from n/a through 9.9.
References: https://patchstack.com/database/vulnerability/salon-booking-system/wordpress-salon-booking-system-plugin-9-9-arbitrary-file-deletion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-5862
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Improper Restriction of Excessive Authentication Attempts vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Interface Manipulation.This issue affects Mia-Med Health Aplication: before 1.0.14.
References: https://www.usom.gov.tr/bildirim/tr-24-0765
CWE-ID: CWE-307
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-4748
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server.
The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which would send such a malicious request to the locally launched server.
References: https://cert.pl/en/posts/2024/06/CVE-2024-4748
https://cert.pl/posts/2024/06/CVE-2024-4748
https://github.com/jan-vandenberg/cruddiy/issues/67
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-6285
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description: Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-trusted-firmware.
An integer underflow in image range check calculations could lead to bypassing address restrictions and loading of images to unallowed addresses.
References: https://asrg.io/security-advisories/cve-2024-6285/
https://github.com/renesas-rcar/arm-trusted-firmware/commit/b596f580637bae919b0ac3a5471422a1f756db3b
CWE-ID: CWE-191
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-6287
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 0.8
Impact Score: 6.0
Description: Incorrect Calculation vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code.
When checking whether a new image invades/overlaps with a previously loaded image the code neglects to consider a few cases. that could An attacker to bypass memory range restriction and overwrite an already loaded image partly or completely, which could result in code execution and bypass of secure boot.
References: https://asrg.io/security-advisories/cve-2024-6287/
https://github.com/renesas-rcar/arm-trusted-firmware/commit/954d488a9798f8fda675c6b57c571b469b298f04
CWE-ID: CWE-682
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-38369
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The content of a document included using `{{include reference="targetdocument"/}}` is executed with the right of the includer and not with the right of its author. This means that any user able to modify the target document can impersonate the author of the content which used the `include` macro. This vulnerability has been patched in XWiki 15.0 RC1 by making the default behavior safe.
References: https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qcj3-wpgm-qpxh
CWE-ID: CWE-863
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-38373
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 5.8
Description: FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the actual domain name length, could cause the parser to read beyond the DNS response buffer. This issue affects applications using DNS functionality of the FreeRTOS-Plus-TCP stack. Applications that do not use DNS functionality are not affected, even when the DNS functionality is enabled. This vulnerability has been patched in version 4.1.1.
References: https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.1.1
https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/security/advisories/GHSA-ppcp-rg65-58mv
CWE-ID: CWE-126
Common Platform Enumerations (CPE): Not Found