In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between June 25-26, 2024.
During this period, the National Vulnerability Database published 141 new Common Vulnerabilities and Exposures (CVEs), classified as follows:
Critical: 12
High: 22
Medium: 23
Low: 5
Severity Not Assigned: 79
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2023-6198
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 (User Passwords modules) allows unauthorized access to the device.
References: https://www.baicells.com
CWE-ID: CWE-798
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-4196
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1.
References: https://download.avaya.com/css/public/documents/101090768
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-4197
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1.
References: https://download.avaya.com/css/public/documents/101090768
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-6297
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. Currently, not all plugins have been patched and we strongly recommend uninstalling the plugins for the time being and running a complete malware scan.
References: https://plugins.trac.wordpress.org/browser/blaze-widget/trunk/blaze_widget.php
https://plugins.trac.wordpress.org/browser/contact-form-7-multi-step-addon/trunk/trx-contact-form-7-multi-step-addon.php
https://plugins.trac.wordpress.org/browser/simply-show-hooks/trunk/index.php
https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L54
https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L583
https://plugins.trac.wordpress.org/browser/wrapper-link-elementor/trunk/wrapper.php?rev=3106508
https://plugins.trac.wordpress.org/changeset/3105893/
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3106042%40social-warfare&new=3106042%40social-warfare&sfp_email=&sfph_mail=
https://wordpress.org/support/topic/a-security-message-from-the-plugin-review-team/
https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-5431
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservation_extra_field shortcode parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include remote files on the server, potentially resulting in code execution.
References: https://plugins.trac.wordpress.org/browser/wp-cafe/tags/2.2.25/core/shortcodes/views/reservation/reservation-form-template.php#L178
https://www.wordfence.com/threat-intel/vulnerabilities/id/5c5e7ed1-7eb8-4ce7-9dd6-0f7937b6f671?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-4638
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands.
References: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-6028
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/quiz-maker/tags/6.5.7.5/public/class-quiz-maker-public.php#L4904
https://plugins.trac.wordpress.org/browser/quiz-maker/tags/6.5.7.5/public/class-quiz-maker-public.php#L6901
https://plugins.trac.wordpress.org/changeset/3103402/quiz-maker/tags/6.5.8.2/public/class-quiz-maker-public.php?old=3102679&old_path=quiz-maker%2Ftags%2F6.5.8.1%2Fpublic%2Fclass-quiz-maker-public.php
https://plugins.trac.wordpress.org/changeset/3105555/quiz-maker/tags/6.5.8.4/public/class-quiz-maker-public.php?old=3104323&old_path=quiz-maker%2Ftags%2F6.5.8.3%2Fpublic%2Fclass-quiz-maker-public.php
https://wordpress.org/plugins/quiz-maker/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/ab340c65-35eb-4a85-8150-3119b46c7f35?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-4639
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands.
References: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-4640
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program crash.
References: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities
CWE-ID: CWE-120
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-5216
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A vulnerability in mintplex-labs/anything-llm allows for a Denial of Service (DoS) condition due to uncontrolled resource consumption. Specifically, the issue arises from the application's failure to limit the size of usernames, enabling attackers to create users with excessively bulky texts in the username field. This exploit results in the user management panel becoming unresponsive, preventing administrators from performing critical user management actions such as editing, suspending, or deleting users. The impact of this vulnerability includes administrative paralysis, compromised security, and operational disruption, as it allows malicious users to perpetuate their presence within the system indefinitely, undermines the system's security posture, and degrades overall system performance.
References: https://github.com/mintplex-labs/anything-llm/commit/3ef009de73c837f9025df8bba62572885c70c72f
https://huntr.com/bounties/8ec14991-ee35-493d-a8d3-21a1cfd57869
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-6302
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction events.
References: https://conduit.rs/changelog/#v0-7-0-2024-04-25
https://gitlab.com/famedly/conduit/-/releases/v0.7.0
CWE-ID: CWE-280
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-6303
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the #admins alias to a room which they control, allowing them to run commands resetting passwords, signing JSON with the server's key, deactivating users, and more.
References: https://conduit.rs/changelog/#v0-8-0-2024-06-12
https://gitlab.com/famedly/conduit/-/releases/v0.8.0
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-21827
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1947
CWE-ID: CWE-489
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-5805
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass. This issue affects MOVEit Gateway: 2024.0.0.
References: https://community.progress.com/s/article/MOVEit-Gateway-Critical-Security-Alert-Bulletin-June-2024-CVE-2024-5805
https://www.progress.com/moveit
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-5806
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass. This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.
References: https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-June-2024-CVE-2024-5806
https://www.progress.com/moveit
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-6238
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 3.7
Description: pgAdmin <= 8.8 has an installation Directory permission issue. Because of this issue, attackers can gain unauthorised access to the installation directory on the Debian or RHEL 8 platforms.
References: https://github.com/pgadmin-org/pgadmin4/issues/7605
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-6257
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 1.7
Impact Score: 6.0
Description: HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution.
References: https://discuss.hashicorp.com/t/hcsec-2024-13-hashicorp-go-getter-vulnerable-to-code-execution-on-git-update-via-git-config-manipulation/68081
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-6308
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in itsourcecode Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269620.
References: https://github.com/L1OudFd8cl09/CVE/blob/main/25_06_2024_a.md
https://vuldb.com/?ctiid.269620
https://vuldb.com/?id.269620
https://vuldb.com/?submit.363955
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-4498
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 6.0
Description: A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. The vulnerability arises from insufficient input validation in the `/apply_settings` function, allowing an attacker to manipulate the `discussion_db_name` parameter to traverse the file system and include arbitrary files. This issue is compounded by the bypass of input filtering in the `install_binding`, `reinstall_binding`, and `unInstall_binding` endpoints, despite the presence of a `sanitize_path_from_endpoint(data.name)` filter. Successful exploitation enables an attacker to upload and execute malicious code on the victim's system, leading to Remote Code Execution (RCE).
References: https://huntr.com/bounties/9238e88a-a6ca-4915-9b5d-6cdb4148d3f4
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-4883
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated attacker to achieve the RCE as a service account through NmApi.exe.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-77 CWE-78 CWE-94
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-4884
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole privileges.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-77 CWE-78 CWE-94
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-4885
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
23. CVE-2024-5008
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE using Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-5009
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-5010
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive information.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-5011
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of service.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-5276
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this vulnerability. Successful unauthenticated exploitation requires a Workflow system with anonymous access enabled, otherwise an authenticated user is required. This issue affects all versions of FileCatalyst Workflow from 5.1.6 Build 135 and earlier.
References: https://support.fortra.com/filecatalyst/kb-articles/advisory-6-24-2024-filecatalyst-workflow-sql-injection-vulnerability-YmYwYWY4OTYtNTUzMi1lZjExLTg0MGEtNjA0NWJkMDg3MDA0
https://www.fortra.com/security/advisory/fi-2024-008
https://www.tenable.com/security/research/tra-2024-25
CWE-ID: CWE-20 CWE-89
Common Platform Enumerations (CPE): Not Found
28. CVE-2024-6206
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target system.
References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04659en_us&docLocale=en_US
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
29. CVE-2024-38516
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and 2021.10.22.
References: https://github.com/aimeos/ai-client-html/commit/bb389620ffc3cf4a2f29c11a1e5f512049e0c132
https://github.com/aimeos/ai-client-html/security/advisories/GHSA-ppm5-jv84-2xg2
CWE-ID: CWE-1295
Common Platform Enumerations (CPE): Not Found
30. CVE-2024-5012
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials. This vulnerability allows unauthenticated attackers to disclose Windows Credentials stored in the product Credential Library.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
31. CVE-2024-5013
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service vulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
32. CVE-2024-5014
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. This allows any authenticated user to retrieve ASP reports from an HTML form.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
33. CVE-2024-5015
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an Improper Access Control vulnerability. This can be used to escalate privileges to Admin.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
34. CVE-2024-5016
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM. The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage for server and NmDistributed.DistributedClient.OnMessage for clients.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between June 25-26, 2024.
During this period, The National Vulnerability Database published 141, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 12
High: 22
Medium: 23
Low: 5
Severity Not Assigned: 79
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2023-6198
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 (User Passwords modules) allows unauthorized access to the device.
References: https://www.baicells.com
CWE-ID: CWE-798
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-4196
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1.
References: https://download.avaya.com/css/public/documents/101090768
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-4197
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1.
References: https://download.avaya.com/css/public/documents/101090768
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-6297
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator users and send that data back to a server. Currently, not all plugins have been patched and we strongly recommend uninstalling the plugins for the time being and running a complete malware scan.
References: https://plugins.trac.wordpress.org/browser/blaze-widget/trunk/blaze_widget.php
https://plugins.trac.wordpress.org/browser/contact-form-7-multi-step-addon/trunk/trx-contact-form-7-multi-step-addon.php
https://plugins.trac.wordpress.org/browser/simply-show-hooks/trunk/index.php
https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L54
https://plugins.trac.wordpress.org/browser/social-warfare/tags/4.4.6.4/trunk/social-warfare.php#L583
https://plugins.trac.wordpress.org/browser/wrapper-link-elementor/trunk/wrapper.php?rev=3106508
https://plugins.trac.wordpress.org/changeset/3105893/
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3106042%40social-warfare&new=3106042%40social-warfare&sfp_email=&sfph_mail=
https://wordpress.org/support/topic/a-security-message-from-the-plugin-review-team/
https://www.wordfence.com/threat-intel/vulnerabilities/id/56d24bc8-4a1a-4e60-aec5-960703a6058a?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-5431
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservation_extra_field shortcode parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include remote files on the server, potentially resulting in code execution
References: https://plugins.trac.wordpress.org/browser/wp-cafe/tags/2.2.25/core/shortcodes/views/reservation/reservation-form-template.php#L178
https://www.wordfence.com/threat-intel/vulnerabilities/id/5c5e7ed1-7eb8-4ce7-9dd6-0f7937b6f671?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-4638
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands.
References: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-6028
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/quiz-maker/tags/6.5.7.5/public/class-quiz-maker-public.php#L4904
https://plugins.trac.wordpress.org/browser/quiz-maker/tags/6.5.7.5/public/class-quiz-maker-public.php#L6901
https://plugins.trac.wordpress.org/changeset/3103402/quiz-maker/tags/6.5.8.2/public/class-quiz-maker-public.php?old=3102679&old_path=quiz-maker%2Ftags%2F6.5.8.1%2Fpublic%2Fclass-quiz-maker-public.php
https://plugins.trac.wordpress.org/changeset/3105555/quiz-maker/tags/6.5.8.4/public/class-quiz-maker-public.php?old=3104323&old_path=quiz-maker%2Ftags%2F6.5.8.3%2Fpublic%2Fclass-quiz-maker-public.php
https://wordpress.org/plugins/quiz-maker/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/ab340c65-35eb-4a85-8150-3119b46c7f35?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-4639
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands.
References: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-4640
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program crash.
References: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities
CWE-ID: CWE-120
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-5216
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A vulnerability in mintplex-labs/anything-llm allows for a Denial of Service (DoS) condition due to uncontrolled resource consumption. Specifically, the issue arises from the application's failure to limit the size of usernames, enabling attackers to create users with excessively bulky texts in the username field. This exploit results in the user management panel becoming unresponsive, preventing administrators from performing critical user management actions such as editing, suspending, or deleting users. The impact of this vulnerability includes administrative paralysis, compromised security, and operational disruption, as it allows malicious users to perpetuate their presence within the system indefinitely, undermines the system's security posture, and degrades overall system performance.
References: https://github.com/mintplex-labs/anything-llm/commit/3ef009de73c837f9025df8bba62572885c70c72f
https://huntr.com/bounties/8ec14991-ee35-493d-a8d3-21a1cfd57869
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-6302
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower allows a local user to redact any message from users on the same server, given that they are able to send redaction events.
References: https://conduit.rs/changelog/#v0-7-0-2024-04-25
https://gitlab.com/famedly/conduit/-/releases/v0.7.0
CWE-ID: CWE-280
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-6303
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: Missing authorization in the Client-Server API in Conduit <=0.7.0 allows any alias to be removed and added to another room. This can be used for privilege escalation by moving the #admins alias to a room the attacker controls, allowing them to run commands that reset passwords, sign JSON with the server's key, deactivate users, and more.
References: https://conduit.rs/changelog/#v0-8-0-2024-06-12
https://gitlab.com/famedly/conduit/-/releases/v0.8.0
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-21827
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
References: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1947
CWE-ID: CWE-489
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-5805
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass. This issue affects MOVEit Gateway: 2024.0.0.
References: https://community.progress.com/s/article/MOVEit-Gateway-Critical-Security-Alert-Bulletin-June-2024-CVE-2024-5805
https://www.progress.com/moveit
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-5806
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass. This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.
References: https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-June-2024-CVE-2024-5806
https://www.progress.com/moveit
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-6238
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 3.7
Description: pgAdmin <= 8.8 has an installation directory permission issue. Because of this issue, attackers can gain unauthorised access to the installation directory on the Debian or RHEL 8 platforms.
References: https://github.com/pgadmin-org/pgadmin4/issues/7605
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-6257
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 1.7
Impact Score: 6.0
Description: HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution.
References: https://discuss.hashicorp.com/t/hcsec-2024-13-hashicorp-go-getter-vulnerable-to-code-execution-on-git-update-via-git-config-manipulation/68081
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-6308
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in itsourcecode Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php. The manipulation of the argument username leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269620.
References: https://github.com/L1OudFd8cl09/CVE/blob/main/25_06_2024_a.md
https://vuldb.com/?ctiid.269620
https://vuldb.com/?id.269620
https://vuldb.com/?submit.363955
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-4498
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 6.0
Description: A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. The vulnerability arises from insufficient input validation in the `/apply_settings` function, allowing an attacker to manipulate the `discussion_db_name` parameter to traverse the file system and include arbitrary files. This issue is compounded by the bypass of input filtering in the `install_binding`, `reinstall_binding`, and `unInstall_binding` endpoints, despite the presence of a `sanitize_path_from_endpoint(data.name)` filter. Successful exploitation enables an attacker to upload and execute malicious code on the victim's system, leading to Remote Code Execution (RCE).
References: https://huntr.com/bounties/9238e88a-a6ca-4915-9b5d-6cdb4148d3f4
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-4883
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated attacker to achieve RCE as a service account through NmApi.exe.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-77 CWE-78 CWE-94
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-4884
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability exists in Progress WhatsUp Gold. The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with `iisapppool\nmconsole` privileges.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-77 CWE-78 CWE-94
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-4885
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability exists in Progress WhatsUp Gold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with `iisapppool\nmconsole` privileges.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
23. CVE-2024-5008
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE using Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-5009
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-5010
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive information.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-5011
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of service.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-5276
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this vulnerability. Successful unauthenticated exploitation requires a Workflow system with anonymous access enabled, otherwise an authenticated user is required. This issue affects all versions of FileCatalyst Workflow from 5.1.6 Build 135 and earlier.
References: https://support.fortra.com/filecatalyst/kb-articles/advisory-6-24-2024-filecatalyst-workflow-sql-injection-vulnerability-YmYwYWY4OTYtNTUzMi1lZjExLTg0MGEtNjA0NWJkMDg3MDA0
https://www.fortra.com/security/advisory/fi-2024-008
https://www.tenable.com/security/research/tra-2024-25
CWE-ID: CWE-20 CWE-89
Common Platform Enumerations (CPE): Not Found
28. CVE-2024-6206
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target system.
References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04659en_us&docLocale=en_US
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
29. CVE-2024-38516
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and 2021.10.22.
References: https://github.com/aimeos/ai-client-html/commit/bb389620ffc3cf4a2f29c11a1e5f512049e0c132
https://github.com/aimeos/ai-client-html/security/advisories/GHSA-ppm5-jv84-2xg2
CWE-ID: CWE-1295
Common Platform Enumerations (CPE): Not Found
30. CVE-2024-5012
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials. This vulnerability allows unauthenticated attackers to disclose Windows Credentials stored in the product Credential Library.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
31. CVE-2024-5013
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service vulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
32. CVE-2024-5014
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. This allows any authenticated user to retrieve ASP reports from an HTML form.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
33. CVE-2024-5015
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an Improper Access Control vulnerability. This can be used to escalate privileges to Admin.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found
34. CVE-2024-5016
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve Remote Code Execution as SYSTEM. The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage for server and NmDistributed.DistributedClient.OnMessage for clients.
References: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
https://www.progress.com/network-monitoring
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found