In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between July 12-13, 2024.
During this period, the National Vulnerability Database published 203 new Common Vulnerabilities and Exposures (CVEs), classified by severity as follows:
Critical: 11
High: 29
Medium: 23
Low: 1
Severity Not Assigned: 139
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-6396
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path` parameters, which can be manipulated to create and write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution.
References: https://huntr.com/bounties/c1b17afd-4656-47bb-8310-686a9e1b04a0
CWE-ID: CWE-29
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-6024
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The ContentLock WordPress plugin through 1.0.3 does not have a CSRF check in place when deleting groups or emails, which could allow attackers to make a logged-in admin remove them via a CSRF attack.
References: https://wpscan.com/vulnerability/3d2cdb4f-b7e1-4691-90d1-cddde7f5858e/
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-6353
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Wallet for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'search[value]' parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/woo-wallet/trunk/includes/class-woo-wallet-ajax.php#L393
https://plugins.trac.wordpress.org/changeset/3116025/
https://wordpress.org/plugins/woo-wallet/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/f7d5a077-8836-4c28-8884-5047585a99e5?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-6328
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.14.7. This is due to insufficient verification on the 'phone' parameter of the 'firebase_sms_login' and 'firebase_sms_login_v2' functions. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email address or phone number. Additionally, if a new email address is supplied, a new user account is created with the default role, even if registration is disabled.
References: https://plugins.trac.wordpress.org/browser/mstore-api/trunk/controllers/flutter-user.php#L699
https://plugins.trac.wordpress.org/browser/mstore-api/trunk/controllers/flutter-user.php#L714
https://plugins.trac.wordpress.org/changeset/3115231/
https://www.wordfence.com/threat-intel/vulnerabilities/id/17d8e2e9-5e3f-433b-be1a-6ea765eba547?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-5325
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Form Vibes plugin for WordPress is vulnerable to SQL Injection via the ‘fv_export_data’ parameter in all versions up to, and including, 1.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/changeset/3115288/form-vibes/trunk/inc/classes/query.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/a3311097-d477-441e-9bf3-3f991a9b6af9?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-35773
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Cross-Site Request Forgery (CSRF) vulnerability in WPJohnny, zerOneIT Comment Reply Email allows Cross-Site Scripting (XSS). This issue affects Comment Reply Email: from n/a through 1.3.
References: https://patchstack.com/database/vulnerability/comment-reply-email/wordpress-comment-reply-email-plugin-1-3-csrf-to-stored-xss-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-37213
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Team Ali2Woo Lite allows Cross-Site Scripting (XSS). This issue affects Ali2Woo Lite: from n/a through 3.3.9.
References: https://patchstack.com/database/vulnerability/ali2woo-lite/wordpress-aliexpress-dropshipping-with-alinext-lite-plugin-3-3-5-csrf-to-xss-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-37560
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation. This issue affects WP User Switch: from n/a through 1.1.0.
References: https://patchstack.com/database/vulnerability/wp-user-switch/wordpress-wp-user-switch-plugin-1-0-5-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-37564
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PayPlus LTD PayPlus Payment Gateway. This issue affects PayPlus Payment Gateway: from n/a through 7.0.7.
References: https://patchstack.com/database/vulnerability/payplus-payment-gateway/wordpress-payplus-payment-gateway-plugin-7-0-7-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-37927
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in NooTheme Jobmonster allows Privilege Escalation. This issue affects Jobmonster: from n/a through 4.7.0.
References: https://patchstack.com/database/vulnerability/noo-jobmonster/wordpress-jobmonster-theme-4-7-0-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-37928
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NooTheme Jobmonster allows File Manipulation. This issue affects Jobmonster: from n/a through 4.7.0.
References: https://patchstack.com/database/vulnerability/noo-jobmonster/wordpress-jobmonster-theme-4-7-0-unauthenticated-arbitrary-file-deletion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-37932
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in anhvnit Woocommerce OpenPos allows File Manipulation. This issue affects Woocommerce OpenPos: from n/a through 6.4.4.
References: https://patchstack.com/database/vulnerability/woocommerce-openpos/wordpress-woocommerce-openpos-plugin-6-4-4-unauthenticated-arbitrary-file-deletion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-37933
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in anhvnit Woocommerce OpenPos. This issue affects Woocommerce OpenPos: from n/a through 6.4.4.
References: https://patchstack.com/database/vulnerability/woocommerce-openpos/wordpress-woocommerce-openpos-plugin-6-4-4-unauthenticated-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-37940
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.0
Description: Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutions Seraphinite Accelerator (Full, premium). This issue affects Seraphinite Accelerator (Full, premium): from n/a through 2.21.13.
References: https://patchstack.com/database/vulnerability/seraphinite-accelerator-ext/wordpress-seraphinite-accelerator-full-premium-plugin-2-21-13-csrf-leading-to-arbitrary-file-deletion-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-39903
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.7
Description: Solara is a pure Python, React-style framework for scaling Jupyter and web apps. A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara, in version <1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system.
References: https://github.com/widgetti/solara/commit/df2fd66a7f4e8ffd36e8678697a8a4f76760dc54
https://github.com/widgetti/solara/security/advisories/GHSA-9794-pc4r-438w
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-39914
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34.
References: https://github.com/FOGProject/fogproject/commit/2413bc034753c32799785e9bf08164ccd0a2759f
https://github.com/FOGProject/fogproject/security/advisories/GHSA-7h44-6vq6-cq8j
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-38717
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Booking Ultra Pro allows PHP Local File Inclusion. This issue affects Booking Ultra Pro: from n/a through 1.1.13.
References: https://patchstack.com/database/vulnerability/booking-ultra-pro/wordpress-booking-ultra-pro-appointments-booking-calendar-plugin-1-1-13-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-38734
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in SpreadsheetConverter Import Spreadsheets from Microsoft Excel allows Code Injection. This issue affects Import Spreadsheets from Microsoft Excel: from n/a through 10.1.4.
References: https://patchstack.com/database/vulnerability/import-spreadsheets-from-microsoft-excel/wordpress-import-spreadsheets-from-microsoft-excel-plugin-10-1-4-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-38735
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in N.O.U.S. Open Useful and Simple Event post allows PHP Local File Inclusion. This issue affects Event post: from n/a through 5.9.5.
References: https://patchstack.com/database/vulnerability/event-post/wordpress-event-post-plugin-5-9-5-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-38736
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Realtyna Realtyna Organic IDX plugin allows Code Injection. This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.13.
References: https://patchstack.com/database/vulnerability/real-estate-listing-realtyna-wpl/wordpress-realtyna-organic-idx-plugin-4-14-13-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-39917
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts.
References: https://github.com/neutrinolabs/xrdp/commit/19c111c74c913ecc6e4ba9a738ed929a79d2ae8f
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7w22-h4w7-8j5j
CWE-ID: CWE-307
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-40518
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.
References: https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_weixin.php%20code%20injection.md
CWE-ID: NVD-CWE-noinfo
Common Platform Enumerations (CPE): cpe:2.3:a:seacms:seacms:12.9:*:*:*:*:*:*:*
23. CVE-2024-40519
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.
References: https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_smtp.php%20code%20injection.md
CWE-ID: NVD-CWE-noinfo
Common Platform Enumerations (CPE): cpe:2.3:a:seacms:seacms:12.9:*:*:*:*:*:*:*
24. CVE-2024-40520
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_config_mark.php directly splicing and writing the user input data into inc_photowatermark_config.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.
References: https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_config_mark.php%20code%20injection.md
CWE-ID: NVD-CWE-noinfo
Common Platform Enumerations (CPE): cpe:2.3:a:seacms:seacms:12.9:*:*:*:*:*:*:*
25. CVE-2024-40521
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admin_template.php imposes certain restrictions on the edited file, attackers can still bypass the restrictions and write code in some way, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.
References: https://gitee.com/fushuling/cve/blob/master/%20SeaCMS%2012.9%20admin_template.php%20%20code%20injection.md
CWE-ID: NVD-CWE-noinfo
Common Platform Enumerations (CPE): cpe:2.3:a:seacms:seacms:12.9:*:*:*:*:*:*:*
26. CVE-2024-40522
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some variable names passed in without filtering them before writing them into the php file. An authenticated attacker can exploit this vulnerability to execute arbitrary commands and obtain system permissions.
References: https://gitee.com/fushuling/cve/blob/master/%20SeaCMS%2012.9%20phomebak.php%20code%20injection.md
CWE-ID: NVD-CWE-noinfo
Common Platform Enumerations (CPE): cpe:2.3:a:seacms:seacms:12.9:*:*:*:*:*:*:*
27. CVE-2024-40539
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user.
References: https://gitee.com/witmy/my-springsecurity-plus/issues/IAAE8U
CWE-ID: CWE-89
Common Platform Enumerations (CPE): cpe:2.3:a:codermy:my-springsecurity-plus:*:*:*:*:*:*:*:*
28. CVE-2024-40540
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept.
References: https://gitee.com/witmy/my-springsecurity-plus/issues/IAAGZY
CWE-ID: CWE-89
Common Platform Enumerations (CPE): cpe:2.3:a:codermy:my-springsecurity-plus:*:*:*:*:*:*:*:*
29. CVE-2024-40541
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build.
References: https://gitee.com/witmy/my-springsecurity-plus/issues/IAAH8A
CWE-ID: CWE-89
Common Platform Enumerations (CPE): cpe:2.3:a:codermy:my-springsecurity-plus:*:*:*:*:*:*:*:*
30. CVE-2024-40542
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset.
References: https://gitee.com/witmy/my-springsecurity-plus/issues/IAAHCR
CWE-ID: CWE-89
Common Platform Enumerations (CPE): cpe:2.3:a:codermy:my-springsecurity-plus:*:*:*:*:*:*:*:*
31. CVE-2024-40543
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/ueditor?action=catchimage.
References: https://gitee.com/sanluan/PublicCMS/issues/IAAITR
CWE-ID: CWE-918
Common Platform Enumerations (CPE): cpe:2.3:a:publiccms:publiccms:*:*:*:*:*:*:*:*
32. CVE-2024-40544
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/#maintenance_sysTask/edit.
References: https://gitee.com/sanluan/PublicCMS/issues/IAAIX8
CWE-ID: CWE-918
Common Platform Enumerations (CPE): cpe:2.3:a:publiccms:publiccms:*:*:*:*:*:*:*:*
33. CVE-2024-40545
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
References: https://gitee.com/sanluan/PublicCMS/issues/IAAIZD
CWE-ID: CWE-434
Common Platform Enumerations (CPE): cpe:2.3:a:publiccms:publiccms:*:*:*:*:*:*:*:*
34. CVE-2024-40546
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
References: https://gitee.com/sanluan/PublicCMS/issues/IAAKYP
CWE-ID: CWE-434
Common Platform Enumerations (CPE): cpe:2.3:a:publiccms:publiccms:*:*:*:*:*:*:*:*
35. CVE-2024-40548
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
References: https://gitee.com/sanluan/PublicCMS/issues/IAALCK
CWE-ID: CWE-434
Common Platform Enumerations (CPE): cpe:2.3:a:publiccms:publiccms:*:*:*:*:*:*:*:*
36. CVE-2024-40549
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
References: https://gitee.com/sanluan/PublicCMS/issues/IAALNE
CWE-ID: CWE-434
Common Platform Enumerations (CPE): cpe:2.3:a:publiccms:publiccms:*:*:*:*:*:*:*:*
37. CVE-2024-40550
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
References: https://gitee.com/sanluan/PublicCMS/issues/IAALWJ
CWE-ID: CWE-434
Common Platform Enumerations (CPE): cpe:2.3:a:publiccms:publiccms:*:*:*:*:*:*:*:*
38. CVE-2024-40551
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
References: https://gitee.com/sanluan/PublicCMS/issues/IAAM5W
CWE-ID: CWE-434
Common Platform Enumerations (CPE): cpe:2.3:a:publiccms:publiccms:*:*:*:*:*:*:*:*
39. CVE-2024-40552
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: PublicCMS v4.0.202302.e was discovered to contain a remote command execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptComponent.java.
References: https://gitee.com/sanluan/PublicCMS/issues/IAAMMU
CWE-ID: NVD-CWE-noinfo
Common Platform Enumerations (CPE): cpe:2.3:a:publiccms:publiccms:*:*:*:*:*:*:*:*
40. CVE-2024-5902
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name parameter in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in feedback form responses that will execute whenever a high-privileged user tries to view them.
References: https://plugins.trac.wordpress.org/browser/userfeedback-lite/tags/1.0.15/includes/frontend/class-userfeedback-frontend.php#L257
https://www.wordfence.com/threat-intel/vulnerabilities/id/bce9ba42-f574-47c1-9ea5-1e56f9da8e71?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between July 12-13, 2024.
During this period, The National Vulnerability Database published 203, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 11
High: 29
Medium: 23
Low: 1
Severity Not Assigned: 139
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-6396
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path` parameters, which can be manipulated to create and write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution.
References: https://huntr.com/bounties/c1b17afd-4656-47bb-8310-686a9e1b04a0
CWE-ID: CWE-29
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-6024
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when deleting groups or emails, which could allow attackers to make a logged in admin remove them via a CSRF attack
References: https://wpscan.com/vulnerability/3d2cdb4f-b7e1-4691-90d1-cddde7f5858e/
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-6353
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Wallet for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'search[value]' parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/woo-wallet/trunk/includes/class-woo-wallet-ajax.php#L393
https://plugins.trac.wordpress.org/changeset/3116025/
https://wordpress.org/plugins/woo-wallet/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/f7d5a077-8836-4c28-8884-5047585a99e5?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-6328
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.14.7. This is due to insufficient verification on the 'phone' parameter of the 'firebase_sms_login' and 'firebase_sms_login_v2' functions. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email address or phone number. Additionally, if a new email address is supplied, a new user account is created with the default role, even if registration is disabled.
References: https://plugins.trac.wordpress.org/browser/mstore-api/trunk/controllers/flutter-user.php#L699
https://plugins.trac.wordpress.org/browser/mstore-api/trunk/controllers/flutter-user.php#L714
https://plugins.trac.wordpress.org/changeset/3115231/
https://www.wordfence.com/threat-intel/vulnerabilities/id/17d8e2e9-5e3f-433b-be1a-6ea765eba547?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-5325
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Form Vibes plugin for WordPress is vulnerable to SQL Injection via the ‘fv_export_data’ parameter in all versions up to, and including, 1.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/changeset/3115288/form-vibes/trunk/inc/classes/query.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/a3311097-d477-441e-9bf3-3f991a9b6af9?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-35773
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Cross-Site Request Forgery (CSRF) vulnerability in WPJohnny, zerOneIT Comment Reply Email allows Cross-Site Scripting (XSS).This issue affects Comment Reply Email: from n/a through 1.3.
References: https://patchstack.com/database/vulnerability/comment-reply-email/wordpress-comment-reply-email-plugin-1-3-csrf-to-stored-xss-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-37213
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Team Ali2Woo Lite allows Cross-Site Scripting (XSS).This issue affects Ali2Woo Lite: from n/a through 3.3.9.
References: https://patchstack.com/database/vulnerability/ali2woo-lite/wordpress-aliexpress-dropshipping-with-alinext-lite-plugin-3-3-5-csrf-to-xss-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-37560
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation.This issue affects WP User Switch: from n/a through 1.1.0.
References: https://patchstack.com/database/vulnerability/wp-user-switch/wordpress-wp-user-switch-plugin-1-0-5-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-37564
Base Score: 8.5
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PayPlus LTD PayPlus Payment Gateway.This issue affects PayPlus Payment Gateway: from n/a through 7.0.7.
References: https://patchstack.com/database/vulnerability/payplus-payment-gateway/wordpress-payplus-payment-gateway-plugin-7-0-7-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-37927
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Privilege Management vulnerability in NooTheme Jobmonster allows Privilege Escalation.This issue affects Jobmonster: from n/a through 4.7.0.
References: https://patchstack.com/database/vulnerability/noo-jobmonster/wordpress-jobmonster-theme-4-7-0-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-37928
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NooTheme Jobmonster allows File Manipulation.This issue affects Jobmonster: from n/a through 4.7.0.
References: https://patchstack.com/database/vulnerability/noo-jobmonster/wordpress-jobmonster-theme-4-7-0-unauthenticated-arbitrary-file-deletion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-37932
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in anhvnit Woocommerce OpenPos allows File Manipulation. This issue affects Woocommerce OpenPos: from n/a through 6.4.4.
References: https://patchstack.com/database/vulnerability/woocommerce-openpos/wordpress-woocommerce-openpos-plugin-6-4-4-unauthenticated-arbitrary-file-deletion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-37933
Base Score: 9.3
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 4.7
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in anhvnit Woocommerce OpenPos. This issue affects Woocommerce OpenPos: from n/a through 6.4.4.
References: https://patchstack.com/database/vulnerability/woocommerce-openpos/wordpress-woocommerce-openpos-plugin-6-4-4-unauthenticated-sql-injection-vulnerability?_s_id=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-37940
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.0
Description: Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutions Seraphinite Accelerator (Full, premium). This issue affects Seraphinite Accelerator (Full, premium): from n/a through 2.21.13.
References: https://patchstack.com/database/vulnerability/seraphinite-accelerator-ext/wordpress-seraphinite-accelerator-full-premium-plugin-2-21-13-csrf-leading-to-arbitrary-file-deletion-vulnerability?_s_id=cve
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-39903
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.7
Description: Solara is a pure Python, React-style framework for scaling Jupyter and web apps. A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara, in version <1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system.
References: https://github.com/widgetti/solara/commit/df2fd66a7f4e8ffd36e8678697a8a4f76760dc54
https://github.com/widgetti/solara/security/advisories/GHSA-9794-pc4r-438w
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
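Added example, not Solara's code and not code from any project in this digest: the missing containment check that entry 15 describes, reproduced in a minimal Python static-file resolver beside a hardened version. The same check applies to the other CWE-22 entries above (11, 12, 17 and 19), where the escaped path is deleted or included instead of read. The directory layout, the `static_root`/`requested` names and the secret file are constructed for the demo.

```python
import tempfile
from pathlib import Path
from urllib.parse import unquote


def serve_static_vulnerable(static_root: Path, requested: str) -> bytes:
    """Joins the client-controlled path onto the static directory with no
    containment check, so '../' segments walk out of it."""
    return (static_root / unquote(requested)).read_bytes()


def serve_static_hardened(static_root: Path, requested: str) -> bytes:
    """Decodes once, rejects NUL bytes and absolute paths, then resolves the
    final path and requires it to sit inside the resolved static root."""
    root = static_root.resolve()
    decoded = unquote(requested)  # decode exactly once; never decode again
    if "\x00" in decoded or decoded.startswith(("/", "\\")):
        raise PermissionError("absolute path or NUL byte in request")
    target = (root / decoded).resolve()  # collapses '..' and follows symlinks
    if target != root and root not in target.parents:
        raise PermissionError(f"{requested!r} escapes the static directory")
    if not target.is_file():
        raise FileNotFoundError(requested)
    return target.read_bytes()


def demo() -> dict:
    """Constructed layout: <tmp>/static/app.js is meant to be served,
    <tmp>/secret.txt is not. Returns what each resolver hands the client."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        static = base / "static"
        static.mkdir()
        (static / "app.js").write_bytes(b"console.log('ok')")
        (base / "secret.txt").write_bytes(b"top secret")

        leaked = serve_static_vulnerable(static, "..%2Fsecret.txt")
        try:
            serve_static_hardened(static, "..%2Fsecret.txt")
            blocked = False
        except PermissionError:
            blocked = True
        legit = serve_static_hardened(static, "app.js")
        return {"leaked": leaked, "blocked": blocked, "legit": legit}


if __name__ == "__main__":
    print(demo())
```

Because `resolve()` follows symlinks, a link inside the static directory that points outside it is rejected as well; if that is intended behaviour for a deployment, it has to be allowlisted explicitly rather than by loosening the containment check.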
16. CVE-2024-39914
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34.
References: https://github.com/FOGProject/fogproject/commit/2413bc034753c32799785e9bf08164ccd0a2759f
https://github.com/FOGProject/fogproject/security/advisories/GHSA-7h44-6vq6-cq8j
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
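Added example, not FOG's code: a constructed illustration of the pattern entry 16 describes, a `filename` parameter spliced into a shell command. `echo` stands in for the real export tool so the demo is harmless. It shows the shell-spliced form, the `shlex.quote()` stopgap for cases where a shell cannot be avoided, and the argv-list plus allowlist form. Requires a POSIX `/bin/sh`.

```python
import re
import shlex
import subprocess

# Allowlist for a filename parameter: starts with an alphanumeric, so '..',
# '.htaccess' and anything with separators or shell metacharacters fail.
SAFE_FILENAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def export_vulnerable(filename: str) -> str:
    """String-spliced command handed to /bin/sh: shell metacharacters in
    filename are interpreted as shell syntax."""
    cmd = f"echo {filename}"
    return subprocess.run(cmd, shell=True, capture_output=True,
                          text=True, check=True).stdout


def export_quoted(filename: str) -> str:
    """If a shell is unavoidable, shlex.quote() turns the value into one
    literal word. Still weaker than not invoking a shell at all."""
    cmd = f"echo {shlex.quote(filename)}"
    return subprocess.run(cmd, shell=True, capture_output=True,
                          text=True, check=True).stdout


def export_hardened(filename: str) -> str:
    """No shell (argv list) plus an allowlist on the value, which a filename
    parameter should have to satisfy anyway."""
    if not SAFE_FILENAME.fullmatch(filename):
        raise ValueError(f"rejected filename {filename!r}")
    return subprocess.run(["echo", filename], capture_output=True,
                          text=True, check=True).stdout


def is_rejected(filename: str) -> bool:
    try:
        export_hardened(filename)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    payload = "report.csv; echo INJECTED"
    print(repr(export_vulnerable(payload)))  # two lines: the shell ran both commands
    print(repr(export_quoted(payload)))      # one line, payload printed literally
    print(is_rejected(payload))              # True
```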
17. CVE-2024-38717
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Booking Ultra Pro allows PHP Local File Inclusion. This issue affects Booking Ultra Pro: from n/a through 1.1.13.
References: https://patchstack.com/database/vulnerability/booking-ultra-pro/wordpress-booking-ultra-pro-appointments-booking-calendar-plugin-1-1-13-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-38734
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in SpreadsheetConverter Import Spreadsheets from Microsoft Excel allows Code Injection. This issue affects Import Spreadsheets from Microsoft Excel: from n/a through 10.1.4.
References: https://patchstack.com/database/vulnerability/import-spreadsheets-from-microsoft-excel/wordpress-import-spreadsheets-from-microsoft-excel-plugin-10-1-4-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-38735
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in N.O.U.S. Open Useful and Simple Event post allows PHP Local File Inclusion. This issue affects Event post: from n/a through 5.9.5.
References: https://patchstack.com/database/vulnerability/event-post/wordpress-event-post-plugin-5-9-5-local-file-inclusion-vulnerability?_s_id=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-38736
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Realtyna Realtyna Organic IDX plugin allows Code Injection. This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.13.
References: https://patchstack.com/database/vulnerability/real-estate-listing-realtyna-wpl/wordpress-realtyna-organic-idx-plugin-4-14-13-arbitrary-file-upload-vulnerability?_s_id=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-39917
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an unlimited number of login attempts. The maximum number of login attempts is supposed to be limited by the `MaxLoginRetry` configuration parameter in `/etc/xrdp/sesman.ini`, but this limit was not enforced. As a result, xrdp allows an unlimited number of login attempts.
References: https://github.com/neutrinolabs/xrdp/commit/19c111c74c913ecc6e4ba9a738ed929a79d2ae8f
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7w22-h4w7-8j5j
CWE-ID: CWE-307
Common Platform Enumerations (CPE): Not Found
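Added example, not xrdp's code, and not a description of why xrdp's `MaxLoginRetry` did not bind: a minimal lockout gate in Python that shows what an enforced retry limit has to do. The counter is keyed by account and lives in one object shared by every connection; a counter recreated per connection would restart at zero each time and never cap anything. While an account is locked the password is not evaluated at all, so a correct guess during the lockout leaks nothing. The `max_retry` and `lockout_seconds` names and the simulated guesses are constructed for the demo.

```python
from typing import Callable, Dict, List


class LoginGate:
    """Per-account consecutive-failure counter with a lockout window."""

    def __init__(self, max_retry: int = 4, lockout_seconds: float = 300.0):
        self.max_retry = max_retry
        self.lockout_seconds = lockout_seconds
        self._failures: Dict[str, int] = {}       # user -> consecutive failures
        self._locked_until: Dict[str, float] = {}  # user -> unix time lock expires

    def attempt(self, user: str, now: float, verify: Callable[[], bool]) -> str:
        """Returns 'ok', 'denied' or 'locked'. verify() runs the real password
        check and is only called when the account is not locked."""
        if now < self._locked_until.get(user, 0.0):
            return "locked"
        if verify():
            self._failures.pop(user, None)
            self._locked_until.pop(user, None)
            return "ok"
        count = self._failures.get(user, 0) + 1
        self._failures[user] = count
        if count >= self.max_retry:
            self._failures.pop(user, None)
            self._locked_until[user] = now + self.lockout_seconds
            return "locked"
        return "denied"


def simulate(gate: LoginGate, user: str, guesses: List[str], correct: str,
             start: float = 1000.0) -> dict:
    """Feeds one guess per second through the gate. Returns the verdicts and
    how many times the password was actually checked."""
    checks = 0
    verdicts = []
    for i, guess in enumerate(guesses):
        def verify() -> bool:
            nonlocal checks
            checks += 1
            return guess == correct
        verdicts.append(gate.attempt(user, start + i, verify))
    return {"verdicts": verdicts, "password_checks": checks}


if __name__ == "__main__":
    gate = LoginGate(max_retry=3, lockout_seconds=300.0)
    # Constructed brute force: three wrong guesses, then the right password twice.
    print(simulate(gate, "alice", ["a", "b", "c", "secret", "secret"], "secret"))
    print(gate.attempt("alice", 1400.0, lambda: True))  # lock expired: 'ok'
```

A per-account lockout on its own lets an attacker lock legitimate users out by guessing badly on purpose; in practice it is paired with per-source throttling and with logging of the lockout events so the attempts are visible to detection.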
22. CVE-2024-40518
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.
References: https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_weixin.php%20code%20injection.md
CWE-ID: NVD-CWE-noinfo
Common Platform Enumerations (CPE): cpe:2.3:a:seacms:seacms:12.9:*:*:*:*:*:*:*
23. CVE-2024-40519
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.
References: https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_smtp.php%20code%20injection.md
CWE-ID: NVD-CWE-noinfo
Common Platform Enumerations (CPE): cpe:2.3:a:seacms:seacms:12.9:*:*:*:*:*:*:*
24. CVE-2024-40520
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_config_mark.php directly splicing and writing the user input data into inc_photowatermark_config.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.
References: https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_config_mark.php%20code%20injection.md
CWE-ID: NVD-CWE-noinfo
Common Platform Enumerations (CPE): cpe:2.3:a:seacms:seacms:12.9:*:*:*:*:*:*:*
25. CVE-2024-40521
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admin_template.php imposes certain restrictions on the edited file, attackers can still bypass the restrictions and write code in some way, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.
References: https://gitee.com/fushuling/cve/blob/master/%20SeaCMS%2012.9%20admin_template.php%20%20code%20injection.md
CWE-ID: NVD-CWE-noinfo
Common Platform Enumerations (CPE): cpe:2.3:a:seacms:seacms:12.9:*:*:*:*:*:*:*
26. CVE-2024-40522
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing user-supplied variable names into a PHP file without filtering them. An authenticated attacker can exploit this vulnerability to execute arbitrary commands and obtain system permissions.
References: https://gitee.com/fushuling/cve/blob/master/%20SeaCMS%2012.9%20phomebak.php%20code%20injection.md
CWE-ID: NVD-CWE-noinfo
Common Platform Enumerations (CPE): cpe:2.3:a:seacms:seacms:12.9:*:*:*:*:*:*:*
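Added example for entries 22 through 26, not SeaCMS code: the common root cause is a settings writer that splices request values into a file the interpreter later executes. A Python settings file stands in for the PHP one here, because the failure is the same in any language: once the value can close the string literal, the rest of it is code. The example contrasts raw splicing with emitting a proper literal (`repr()` in Python; `var_export()` is the PHP counterpart) and with the better option of storing settings as data. `WEIXIN_TOKEN` and the payload are constructed for the demo.

```python
import ast
import json

# Constructed attacker value: closes the string literal, injects two
# statements, then reopens a literal so the generated file still parses.
PAYLOAD = "tok'\nimport os; os.system('id')\nX = '"


def render_settings_unsafe(token: str) -> str:
    """Splices the raw value into source text, the same shape as writing
    "$token = '<input>';" into a .php file with no escaping."""
    return f"WEIXIN_TOKEN = '{token}'\n"


def render_settings_safe(token: str) -> str:
    """repr() emits exactly one valid string literal: quotes and newlines are
    escaped, so the value can never terminate the literal early."""
    return f"WEIXIN_TOKEN = {token!r}\n"


def count_statements(source: str) -> int:
    return len(ast.parse(source).body)


def has_code_nodes(source: str) -> bool:
    """True if the generated file contains imports or calls, i.e. anything
    beyond assignments of literals."""
    tree = ast.parse(source)
    return any(isinstance(node, (ast.Import, ast.ImportFrom, ast.Call))
               for node in ast.walk(tree))


def read_back_safe(source: str) -> str:
    """Recovers the stored value from the safe rendering without executing it."""
    node = ast.parse(source).body[0].value
    return ast.literal_eval(node)


def store_as_data(token: str) -> str:
    """Better still: settings are data, so keep them in a data format."""
    return json.dumps({"weixin_token": token})


def load_from_data(blob: str) -> str:
    return json.loads(blob)["weixin_token"]


if __name__ == "__main__":
    unsafe = render_settings_unsafe(PAYLOAD)
    safe = render_settings_safe(PAYLOAD)
    print(unsafe)                         # three lines of code, not one setting
    print(count_statements(unsafe), has_code_nodes(unsafe))   # 4 True
    print(count_statements(safe), has_code_nodes(safe))       # 1 False
    print(read_back_safe(safe) == PAYLOAD)                    # True
```

The `ast` inspection is only there to make the difference visible; the fix is never to write a config file as code from request data in the first place, and where a legacy format forces it, to emit literals with the language's own serializer rather than string concatenation.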
27. CVE-2024-40539
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user.
References: https://gitee.com/witmy/my-springsecurity-plus/issues/IAAE8U
CWE-ID: CWE-89
Common Platform Enumerations (CPE): cpe:2.3:a:codermy:my-springsecurity-plus:*:*:*:*:*:*:*:*
28. CVE-2024-40540
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept.
References: https://gitee.com/witmy/my-springsecurity-plus/issues/IAAGZY
CWE-ID: CWE-89
Common Platform Enumerations (CPE): cpe:2.3:a:codermy:my-springsecurity-plus:*:*:*:*:*:*:*:*
29. CVE-2024-40541
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build.
References: https://gitee.com/witmy/my-springsecurity-plus/issues/IAAH8A
CWE-ID: CWE-89
Common Platform Enumerations (CPE): cpe:2.3:a:codermy:my-springsecurity-plus:*:*:*:*:*:*:*:*
30. CVE-2024-40542
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset.
References: https://gitee.com/witmy/my-springsecurity-plus/issues/IAAHCR
CWE-ID: CWE-89
Common Platform Enumerations (CPE): cpe:2.3:a:codermy:my-springsecurity-plus:*:*:*:*:*:*:*:*
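Added example for entries 27 through 30 (and the other CWE-89 entries 9 and 13), not code from my-springsecurity-plus or any of those projects: a `dataScope` parameter holding a list of department ids is an assumption about what such a parameter carries, chosen because it is a common shape for this kind of filter. The `sys_user` table, the rows and the payload are constructed. SQLite stands in for the real database; the splice and the fix look the same on any engine.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed fixture: three users in three departments."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE sys_user (id INTEGER PRIMARY KEY, username TEXT, dept_id INTEGER);
        INSERT INTO sys_user VALUES (1, 'alice', 10), (2, 'bob', 20), (3, 'carol', 30);
    """)
    return conn


def list_users_vulnerable(conn: sqlite3.Connection, data_scope: str) -> list:
    """Hypothetical pattern: a data-scope string meant to hold department ids
    is pasted straight into the WHERE clause."""
    sql = f"SELECT username FROM sys_user WHERE dept_id IN ({data_scope}) ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def list_users_hardened(conn: sqlite3.Connection, dept_ids) -> list:
    """Type the input first (int() rejects anything that is not a number),
    then bind each id as a parameter so the query text itself is fixed."""
    ids = [int(x) for x in dept_ids]
    if not ids:
        return []
    placeholders = ", ".join("?" * len(ids))
    sql = f"SELECT username FROM sys_user WHERE dept_id IN ({placeholders}) ORDER BY id"
    return [row[0] for row in conn.execute(sql, ids)]


def is_rejected(conn: sqlite3.Connection, dept_ids) -> bool:
    try:
        list_users_hardened(conn, dept_ids)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    conn = make_db()
    print(list_users_vulnerable(conn, "10"))               # ['alice']
    print(list_users_vulnerable(conn, "10) OR 1=1 --"))    # every user
    print(list_users_hardened(conn, ["10", "20"]))         # ['alice', 'bob']
    print(is_rejected(conn, ["10) OR 1=1 --"]))            # True
```

In Spring or MyBatis code the equivalent is a `#{}` placeholder (or a JDBC `PreparedStatement` parameter) rather than `${}` string substitution; a variable-length `IN (...)` list is built from placeholders the same way as above.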
31. CVE-2024-40543
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/ueditor?action=catchimage.
References: https://gitee.com/sanluan/PublicCMS/issues/IAAITR
CWE-ID: CWE-918
Common Platform Enumerations (CPE): cpe:2.3:a:publiccms:publiccms:*:*:*:*:*:*:*:*
32. CVE-2024-40544
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/#maintenance_sysTask/edit.
References: https://gitee.com/sanluan/PublicCMS/issues/IAAIX8
CWE-ID: CWE-918
Common Platform Enumerations (CPE): cpe:2.3:a:publiccms:publiccms:*:*:*:*:*:*:*:*
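Added example for entries 31 and 32, not PublicCMS code: a validator for a server-side "fetch this URL" feature such as an editor's remote-image import. It allowlists the scheme and port, refuses embedded credentials, resolves the host once, requires every returned address to be public, and returns the address it validated so the caller can connect to that exact IP instead of resolving again (re-resolving reopens DNS rebinding). The `FAKE_DNS` table and its addresses are constructed so the demo runs offline; `system_resolve` is what a real deployment would plug in.

```python
import ipaddress
import socket
from typing import Callable, List, Tuple
from urllib.parse import urlparse

# Carrier-grade NAT space is not covered by ipaddress' is_private.
EXTRA_DENY = [ipaddress.ip_network("100.64.0.0/10")]


def system_resolve(host: str) -> List[str]:
    """Real resolver: every A/AAAA record for the host."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is still loopback
    if (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_reserved or ip.is_unspecified):
        return False
    return not any(ip in net for net in EXTRA_DENY if net.version == ip.version)


def validate_fetch_url(url: str,
                       resolver: Callable[[str], List[str]] = system_resolve
                       ) -> Tuple[str, str, int]:
    """Returns (hostname, pinned_ip, port) or raises ValueError. The caller
    connects to pinned_ip with Host: hostname, and must re-validate any
    redirect target rather than following it blindly."""
    p = urlparse(url)
    if p.scheme not in ("http", "https"):
        raise ValueError("scheme not allowed")
    if not p.hostname or p.username or p.password:
        raise ValueError("missing host or embedded credentials")
    port = p.port or (443 if p.scheme == "https" else 80)
    if port not in (80, 443):
        raise ValueError("port not allowed")
    try:
        addrs = [str(ipaddress.ip_address(p.hostname))]  # literal IP: no lookup
    except ValueError:
        addrs = resolver(p.hostname)
    if not addrs:
        raise ValueError("hostname did not resolve")
    for addr in addrs:  # a single private record poisons the whole name
        if not is_public(addr):
            raise ValueError(f"non-public address {addr}")
    return p.hostname, addrs[0], port


def is_blocked(url: str, resolver: Callable[[str], List[str]] = system_resolve) -> bool:
    try:
        validate_fetch_url(url, resolver)
        return False
    except ValueError:
        return True


# Constructed DNS fixture for offline demonstration.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "internal.corp": ["10.0.0.5"],
    "rebind.test": ["93.184.216.34", "127.0.0.1"],
}


def fake_resolve(host: str) -> List[str]:
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    print(validate_fetch_url("https://example.com/img.png", fake_resolve))
    for url in ("http://internal.corp/x", "http://rebind.test/x",
                "http://169.254.169.254/latest/meta-data/",
                "http://[::ffff:127.0.0.1]/", "http://user:pw@example.com/"):
        print(url, "blocked" if is_blocked(url, fake_resolve) else "ALLOWED")
```

Forms such as decimal or octal IP literals ("2130706433") are not parsed as addresses here, so they fall through to the resolver; with the system resolver they may resolve to loopback and are then rejected by `is_public`, which is the reason the check is applied to the resolved addresses and not to the hostname string.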
33. CVE-2024-40545
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
References: https://gitee.com/sanluan/PublicCMS/issues/IAAIZD
CWE-ID: CWE-434
Common Platform Enumerations (CPE): cpe:2.3:a:publiccms:publiccms:*:*:*:*:*:*:*:*
34. CVE-2024-40546
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
References: https://gitee.com/sanluan/PublicCMS/issues/IAAKYP
CWE-ID: CWE-434
Common Platform Enumerations (CPE): cpe:2.3:a:publiccms:publiccms:*:*:*:*:*:*:*:*
35. CVE-2024-40548
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
References: https://gitee.com/sanluan/PublicCMS/issues/IAALCK
CWE-ID: CWE-434
Common Platform Enumerations (CPE): cpe:2.3:a:publiccms:publiccms:*:*:*:*:*:*:*:*
36. CVE-2024-40549
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
References: https://gitee.com/sanluan/PublicCMS/issues/IAALNE
CWE-ID: CWE-434
Common Platform Enumerations (CPE): cpe:2.3:a:publiccms:publiccms:*:*:*:*:*:*:*:*
37. CVE-2024-40550
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
References: https://gitee.com/sanluan/PublicCMS/issues/IAALWJ
CWE-ID: CWE-434
Common Platform Enumerations (CPE): cpe:2.3:a:publiccms:publiccms:*:*:*:*:*:*:*:*
38. CVE-2024-40551
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
References: https://gitee.com/sanluan/PublicCMS/issues/IAAM5W
CWE-ID: CWE-434
Common Platform Enumerations (CPE): cpe:2.3:a:publiccms:publiccms:*:*:*:*:*:*:*:*
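Added example for the CWE-434 entries 33 through 38 (and 18 and 20 above), not code from PublicCMS or either WordPress plugin: an upload handler that enforces an extension allowlist on the last suffix only, checks that the content matches that extension, strips any directory part from the supplied name, and stores the file under a random name with `O_EXCL` so nothing is overwritten. The upload directory is expected to live outside the web root, or at least to be served with script execution disabled. The sample files and names in `demo()` are constructed stubs, not real images.

```python
import os
import secrets
import tempfile
from pathlib import Path

# Allowed extensions and the magic bytes their content must start with.
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}


def allowed_extension(filename: str):
    """Drops any directory part (either separator), takes the LAST suffix,
    and returns it only if it is on the allowlist; None otherwise."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if "." not in name or name.startswith("."):
        return None
    ext = name.rsplit(".", 1)[1].lower()
    return ext if ext in MAGIC else None


def content_matches(ext: str, data: bytes) -> bool:
    return any(data.startswith(magic) for magic in MAGIC[ext])


def store_upload(upload_dir: Path, filename: str, data: bytes,
                 max_bytes: int = 5_000_000) -> Path:
    """Validates and writes the file under a random name; raises ValueError
    on anything that fails validation."""
    ext = allowed_extension(filename)
    if ext is None:
        raise ValueError("extension not allowed")
    if len(data) > max_bytes:
        raise ValueError("file too large")
    if not content_matches(ext, data):
        raise ValueError("content does not match extension")
    upload_dir.mkdir(parents=True, exist_ok=True)
    target = upload_dir / f"{secrets.token_hex(16)}.{ext}"
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)  # never clobber
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target


PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16          # constructed stub, not a real image
PHP = b"<?php system($_GET['c']); ?>"             # constructed web shell body


def demo() -> dict:
    """Runs constructed uploads through the handler and reports each outcome."""
    outcomes = {}
    with tempfile.TemporaryDirectory() as tmp:
        uploads = Path(tmp) / "uploads"
        cases = {
            "shell.php": PHP,            # extension not on the allowlist
            "shell.php.png": PHP,        # allowed suffix, content is not PNG
            ".htaccess": b"AddType x",   # dotfile with no real extension
            "../../evil.png": PNG,       # traversal in the supplied name
            "logo.png": PNG,             # the only legitimate upload
        }
        for name, data in cases.items():
            try:
                stored = store_upload(uploads, name, data)
                inside = stored.parent == uploads and stored.suffix == ".png"
                outcomes[name] = "stored" if inside else "misplaced"
            except ValueError:
                outcomes[name] = "rejected"
    return outcomes


if __name__ == "__main__":
    print(demo())
```

The magic-byte check does not stop a polyglot (a valid PNG with PHP appended), which is why the random name and the non-executable storage location carry the real weight: a file the server will never interpret cannot become a web shell, whatever it contains.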
39. CVE-2024-40552
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: PublicCMS v4.0.202302.e was discovered to contain a remote command execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptComponent.java.
References: https://gitee.com/sanluan/PublicCMS/issues/IAAMMU
CWE-ID: NVD-CWE-noinfo
Common Platform Enumerations (CPE): cpe:2.3:a:publiccms:publiccms:*:*:*:*:*:*:*:*
40. CVE-2024-5902
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name parameter in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in feedback form responses that will execute whenever a high-privileged user tries to view them.
References: https://plugins.trac.wordpress.org/browser/userfeedback-lite/tags/1.0.15/includes/frontend/class-userfeedback-frontend.php#L257
https://www.wordfence.com/threat-intel/vulnerabilities/id/bce9ba42-f574-47c1-9ea5-1e56f9da8e71?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
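Added example for entry 40, not the plugin's code: the admin-side view that renders stored submissions is where the stored payload fires, so the example shows that view with and without output escaping, and then the two contexts where `html.escape()` alone is the wrong tool (a quoted attribute needs `quote=True`, and a `<script>` block needs a JSON literal with `</` neutralised). The payloads and the `submitter` variable name are constructed.

```python
import html
import json

PAYLOAD = "<img src=x onerror=alert(document.cookie)>"   # constructed stored value


def render_row_vulnerable(name: str, answer: str) -> str:
    """Admin view that pastes stored submissions straight into markup."""
    return f"<tr><td>{name}</td><td>{answer}</td></tr>"


def render_row_hardened(name: str, answer: str) -> str:
    """Escape at output time for the HTML text context."""
    return f"<tr><td>{html.escape(name)}</td><td>{html.escape(answer)}</td></tr>"


def render_attr_hardened(name: str) -> str:
    """Attribute context: quote the attribute AND escape quotes in the value
    (quote=True is the default), otherwise '"' ends the attribute."""
    return f'<input type="text" value="{html.escape(name, quote=True)}">'


def render_script_hardened(name: str) -> str:
    """JavaScript context: serialise as a JSON literal and neutralise '</' so
    a value containing '</script>' cannot close the block early."""
    literal = json.dumps(name).replace("</", "<\\/")
    return f"<script>var submitter = {literal};</script>"


def demo() -> dict:
    """Reports whether each rendering leaves the payload active."""
    return {
        "vulnerable_has_tag": "<img" in render_row_vulnerable(PAYLOAD, "fine"),
        "hardened_has_tag": "<img" in render_row_hardened(PAYLOAD, "fine"),
        "attr_breakout": 'onfocus="' in render_attr_hardened('" onfocus="alert(1)'),
        "script_closers": render_script_hardened("</script><script>alert(1)</script>").count("</script>"),
    }


if __name__ == "__main__":
    print(render_row_hardened(PAYLOAD, "fine"))
    print(demo())
```

Input sanitization at submission time is a second layer at best: the safe transformation depends on where the value is emitted, which is only known at output. A Content-Security-Policy without `unsafe-inline` on the admin pages limits what a missed escape can do.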