In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between August 20-21, 2024.
During this period, the National Vulnerability Database published 142 new Common Vulnerabilities and Exposures (CVEs), classified as follows:
Critical: 20
High: 45
Medium: 43
Low: 0
Severity Not Assigned: 34
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-7305
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0014
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-5932
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely, and to delete arbitrary files.
References: https://plugins.trac.wordpress.org/browser/give/tags/3.12.0/includes/login-register.php#L235
https://plugins.trac.wordpress.org/browser/give/tags/3.12.0/includes/process-donation.php#L420
https://plugins.trac.wordpress.org/browser/give/tags/3.12.0/src/DonorDashboards/Tabs/EditProfileTab/AvatarRoute.php#L51
https://plugins.trac.wordpress.org/browser/give/tags/3.12.0/vendor/tecnickcom/tcpdf/tcpdf.php#L7861
https://plugins.trac.wordpress.org/browser/give/tags/3.12.0/vendor/vendor-prefixed/fakerphp/faker/src/Faker/ValidGenerator.php#L80
https://plugins.trac.wordpress.org/changeset/3132247/
https://www.wordfence.com/blog/2024/08/4998-bounty-awarded-and-100000-wordpress-sites-protected-against-unauthenticated-remote-code-execution-vulnerability-patched-in-givewp-wordpress-plugin/
https://www.wordfence.com/threat-intel/vulnerabilities/id/93e2d007-8157-42c5-92ad-704dc80749a3?source=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-7827
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to boolean-based SQL Injection via the 'model_number' parameter in all versions up to, and including, 5.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/wp-easycart/trunk/wpeasycart.php#L8821
https://plugins.trac.wordpress.org/changeset/3136347/
https://wordpress.org/plugins/wp-easycart/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/aa55dfe1-7ee8-4d25-a9f6-cbefeebb1376?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
4. CVE-2022-1206
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The AdRotate Banner Manager – The only ad manager you'll need plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension sanitization in the adrotate_insert_media() function in all versions up to, and including, 5.13.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files with double extensions on the affected site's server which may make remote code execution possible. This is only exploitable on select instances where the configuration will execute the first extension present.
References: https://plugins.trac.wordpress.org/browser/adrotate/trunk/adrotate-admin-manage.php#L418
https://www.wordfence.com/threat-intel/vulnerabilities/id/9f92219a-e07e-422d-a9f2-dbe4fbcd5f55?source=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-7702
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the entryID parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries to already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/bit-form/trunk/includes/Admin/AdminAjax.php#L944
https://www.wordfence.com/threat-intel/vulnerabilities/id/07847ba1-cbce-4d81-bd24-46887ac31a5d?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-7777
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in multiple functions in versions 2.0 to 2.13.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to read and delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
References: https://plugins.trac.wordpress.org/browser/bit-form/tags/2.13.3/includes/Admin/AdminAjax.php#L829
https://plugins.trac.wordpress.org/browser/bit-form/tags/2.13.3/includes/Admin/AdminAjax.php#L852
https://plugins.trac.wordpress.org/browser/bit-form/tags/2.13.3/includes/Admin/AdminAjax.php#L875
https://plugins.trac.wordpress.org/browser/bit-form/tags/2.13.3/includes/Admin/AdminAjax.php#L898
https://www.wordfence.com/threat-intel/vulnerabilities/id/4deb128d-0163-4a8e-9591-87352f74c3ef?source=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-7780
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the id parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/bit-form/tags/2.13.6/includes/Admin/AdminAjax.php#L1108
https://plugins.trac.wordpress.org/browser/bit-form/tags/2.13.6/includes/Admin/Form/AdminFormHandler.php#L2387
https://plugins.trac.wordpress.org/browser/bit-form/tags/2.13.6/includes/Core/Messages/EmailTemplateHandler.php#L93
https://www.wordfence.com/threat-intel/vulnerabilities/id/73b6b22a-4699-4307-8a03-148dd9e95d36?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-7782
Base Score: 8.7
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 5.8
Description: The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the iconRemove function in versions 2.0 to 2.13.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
References: https://plugins.trac.wordpress.org/browser/bit-form/tags/2.13.0/includes/Admin/AdminAjax.php#L1271
https://www.wordfence.com/threat-intel/vulnerabilities/id/d4da8ead-326f-4c93-b56d-8bfa643d7906?source=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-6847
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users when submitting messages to the chatbot.
References: https://wpscan.com/vulnerability/baa860bb-3b7d-438a-ad54-92bf8e21e851/
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-43202
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Exposure of Remote Code Execution in Apache DolphinScheduler.
This issue affects Apache DolphinScheduler: before 3.2.2.
We recommend that users upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue.
References: https://github.com/apache/dolphinscheduler/pull/15758
https://lists.apache.org/thread/nlmdp7q7l7o3l27778vxc5px24ncr5r5
https://lists.apache.org/thread/qbhk9wqyxhrn4z7m4m343wqxpwg926nh
https://www.cve.org/CVERecord?id=CVE-2023-49109
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-21689
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 6.0
Description: This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server.
This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.6, allows an authenticated attacker to execute arbitrary code, with high impact on confidentiality, high impact on integrity, and high impact on availability, and requires user interaction.
Atlassian recommends that Bamboo Data Center and Server customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions:
Bamboo Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.17
Bamboo Data Center and Server 9.6: Upgrade to a release greater than or equal to 9.6.5
See the release notes (https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html). You can download the latest version of Bamboo Data Center and Server from the download center (https://www.atlassian.com/software/bamboo/download-archives).
This vulnerability was reported via our Bug Bounty program.
References: https://confluence.atlassian.com/pages/viewpage.action?pageId=1431535667
https://jira.atlassian.com/browse/BAM-25858
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-41700
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Barix - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
References: https://www.gov.il/en/Departments/faq/cve_advisories
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-42334
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.2
Description: Hargal - CWE-284: Improper Access Control
References: https://www.gov.il/en/Departments/faq/cve_advisories
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-42336
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: Servision - CWE-287: Improper Authentication
References: https://www.gov.il/en/Departments/faq/cve_advisories
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-42553
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A Cross-Site Request Forgery (CSRF) in the component admin_room_added.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges.
References: https://gist.github.com/topsky979/4b22a22c73b16c7c22c06d4b3f033fdc
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-42554
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_added.php.
References: https://gist.github.com/topsky979/7d2ebfe6dfa87eecf8f3e6d4eefc48ba
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-42555
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A Cross-Site Request Forgery (CSRF) in the component admin_room_removed.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges.
References: https://gist.github.com/topsky979/afd445b90e13a27a6422cea2f5ff0f64
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-42558
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_modify_room.php.
References: https://gist.github.com/topsky979/9651b4977e86f5b1bcae7a8959ff3342
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-42559
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: An issue in the login component (process_login.php) of Hotel Management System commit 79d688 allows attackers to authenticate without providing a valid password.
References: https://gist.github.com/topsky979/99d2ebf7b5598ef227262ba1b2bb392f/edit
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-42561
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at sales_report.php.
References: https://gist.github.com/topsky979/5d2d9104dc4dd7f5dda99cbbd615a0b8
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-42562
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at preview.php.
References: https://gist.github.com/topsky979/2dcca275bcc18e8058cefef714a2f61b
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-42565
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/contact/delete?action=delete.
References: https://gist.github.com/topsky979/648f2cd4f5e58560cbc9308d06e2f876
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
23. CVE-2024-42566
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the password parameter at login.php.
References: https://gist.github.com/topsky979/95a8f0d24f1d409a14df4c04e0a8c547
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-42567
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the sid parameter at /search.php?action=2.
References: https://gist.github.com/topsky979/96ba3f6ccd333480aa86e7078c4886d7
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-42569
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at paidclass.php.
References: https://gist.github.com/topsky979/20a81dbf47d371e1dabe08f350c8185d
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-42570
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at admininsert.php.
References: https://gist.github.com/topsky979/1d9ebca101fc5e30040436d70e522102
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-42571
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at insertattendance.php.
References: https://gist.github.com/topsky979/5c8e289fa66702fd3acbed558ee449dd
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
28. CVE-2024-42574
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at attendance.php.
References: https://gist.github.com/topsky979/7064f8bbd3977ee665a098efcd0170c0
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
29. CVE-2024-42575
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at substaff.php.
References: https://gist.github.com/topsky979/2fddc00b33b038cd778c1e4fb1936a15
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
30. CVE-2024-42576
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A Cross-Site Request Forgery (CSRF) in the component edit_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
References: https://gist.github.com/topsky979/50a1d8ad7effd9ccd089952602c831d3
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
31. CVE-2024-42578
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: A Cross-Site Request Forgery (CSRF) in the component edit_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
References: https://gist.github.com/topsky979/5eacc7e418e3b73b7ad1fa05d1a72aeb
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
32. CVE-2024-42581
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: A Cross-Site Request Forgery (CSRF) in the component delete_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
References: https://gist.github.com/topsky979/2bd26343ccdff7c759f62d332c8caff6
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
33. CVE-2024-42582
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A Cross-Site Request Forgery (CSRF) in the component delete_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
References: https://gist.github.com/topsky979/c0d78b257ce1e661be30de1ce9551d27
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
34. CVE-2024-42583
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A Cross-Site Request Forgery (CSRF) in the component delete_user.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
References: https://gist.github.com/topsky979/dac0206b8de14763bdbe2b6bb7020cdc
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
35. CVE-2024-42585
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A Cross-Site Request Forgery (CSRF) in the component delete_media.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
References: https://gist.github.com/topsky979/33de7a4bd7a4517a26fa4e4911b7fb1d
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
36. CVE-2024-42586
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A Cross-Site Request Forgery (CSRF) in the component categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
References: https://gist.github.com/topsky979/533b962efb1779e397a241bf7a19643c
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
37. CVE-2024-6918
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause a crash of the Accutech Manager when receiving a specially crafted request over port 2536/TCP.
References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-226-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-226-01.pdf
CWE-ID: CWE-120
Common Platform Enumerations (CPE): Not Found
38. CVE-2024-33872
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in code execution and escalation of privileges.
References: https://trust.keyfactor.com/?itemUid=d73921fd-bc9e-4e35-a974-cfb628e6a226&source=click
CWE-ID: CWE-269 CWE-89
Common Platform Enumerations (CPE): Not Found
39. CVE-2024-6377
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.8
Description: A reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in the user's browser session.
References: https://www.3ds.com/vulnerability/advisories
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
40. CVE-2024-6378
Base Score: 8.7
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 5.8
Description: A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in the user's browser session.
References: https://www.3ds.com/vulnerability/advisories
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
41. CVE-2024-6379
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: A URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to redirect users to an arbitrary website via a crafted URL.
References: https://www.3ds.com/vulnerability/advisories
CWE-ID: CWE-601
Common Platform Enumerations (CPE): Not Found
42. CVE-2024-30949
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function.
References: https://gist.github.com/visitorckw/6b26e599241ea80210ea136b28441661
https://inbox.sourceware.org/newlib/20231129035714.469943-1-visitorckw%40gmail.com/
https://sourceware.org/git/?p=newlib-cygwin.git%3Ba=commit%3Bh=5f15d7c5817b07a6b18cbab17342c95cb7b42be4
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
43. CVE-2024-35540
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.5
Description: A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
References: https://cyberaz0r.info/2024/08/typecho-multiple-vulnerabilities/
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
44. CVE-2024-39690
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 1.7
Impact Score: 6.0
Description: Capsule is a multi-tenancy and policy-based framework for Kubernetes. In Capsule v0.7.0 and earlier, the tenant-owner can patch any arbitrary namespace that has not been taken over by a tenant (i.e., namespaces without the ownerReference field), thereby gaining control of that namespace.
References: https://github.com/projectcapsule/capsule/commit/d620b0457ddec01616b8eab8512a10611611f584
https://github.com/projectcapsule/capsule/security/advisories/GHSA-mq69-4j5w-3qwp
CWE-ID: CWE-863
Common Platform Enumerations (CPE): Not Found
45. CVE-2024-42605
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/edit_page.php?link_id=1
References: https://github.com/jinwu1234567890/cms2/tree/main/3/readme.md
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
46. CVE-2024-42607
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=database
References: https://github.com/jinwu1234567890/cms2/tree/main/9/readme.md
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
47. CVE-2024-42609
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=avatars
References: https://github.com/jinwu1234567890/cms2/tree/main/8/readme.md
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
48. CVE-2024-42610
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=files
References: https://github.com/jinwu1234567890/cms2/tree/main/7/readme.md
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
49. CVE-2024-42611
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/admin_page.php?link_id=1&mode=delete
References: https://github.com/jinwu1234567890/cms2/tree/main/4/readme.md
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
50. CVE-2024-42613
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=install&widget=akismet
References: https://github.com/jinwu1234567890/cms2/tree/main/14/readme.md
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
51. CVE-2024-42617
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_config.php?action=save&var_id=32
References: https://github.com/jinwu1234567890/cms2/tree/main/11/readme.md
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
52. CVE-2024-42618
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /module.php?module=karma
References: https://github.com/jinwu1234567890/cms2/tree/main/16/readme.md
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
53. CVE-2024-42621
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_editor.php
References: https://github.com/jinwu1234567890/cms2/tree/main/12/readme.md
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
54. CVE-2024-43404
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: MEGABOT is a fully customized Discord bot for learning and fun. The `/math` command and functionality of MEGABOT versions < 1.5.0 contains a remote code execution vulnerability due to a Python `eval()`. The vulnerability allows an attacker to inject Python code into the `expression` parameter when using `/math` in any Discord channel. This vulnerability impacts any discord guild utilizing MEGABOT. This vulnerability was fixed in release version 1.5.0.
References: https://github.com/NicPWNs/MEGABOT/commit/71e79e5581ea36313700385b112d863053fb7ed6
https://github.com/NicPWNs/MEGABOT/issues/137
https://github.com/NicPWNs/MEGABOT/pull/138
https://github.com/NicPWNs/MEGABOT/releases/tag/v1.5.0
https://github.com/NicPWNs/MEGABOT/security/advisories/GHSA-vhxp-4hwq-w3p2
CWE-ID: CWE-95
Common Platform Enumerations (CPE): Not Found
55. CVE-2024-43406
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constrained edge devices. A user could exploit SQL Injection to execute a malicious SQL query via the Get method in sqlKvStore. This vulnerability is fixed in 1.14.2.
References: https://github.com/lf-edge/ekuiper/commit/1a9c745649438feaac357d282959687012b65503
https://github.com/lf-edge/ekuiper/security/advisories/GHSA-r5ph-4jxm-6j9p
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
56. CVE-2024-27185
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors.
References: https://developer.joomla.org/security-centre/942-20240802-core-cache-poisoning-in-pagination.html
CWE-ID: CWE-349
Common Platform Enumerations (CPE): Not Found
57. CVE-2024-27187
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Improper Access Controls allows backend users to overwrite their username when disallowed.
References: https://developer.joomla.org/security-centre/945-20240804-core-improper-acl-for-backend-profile-view.html
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
58. CVE-2024-38175
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 5.8
Description: An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network.
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38175
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
59. CVE-2024-42619
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?id=0&list=whitelist&remove=pligg.com
References: https://github.com/jinwu1234567890/cms2/tree/main/17/readme.md
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
60. CVE-2024-41659
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker to read private information or make privileged changes to the system as the vulnerable user account.
References: https://github.com/usememos/memos/blob/v0.20.1/server/server.go#L163
https://securitylab.github.com/advisories/GHSL-2024-034_memos/
CWE-ID: CWE-942
Common Platform Enumerations (CPE): Not Found
61. CVE-2024-41657
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, a logic vulnerability exists in the beego filter CorsFilter that allows any website to make cross-domain requests to Casdoor as the logged-in user. Because the Origin header is authenticated by checking only for a prefix, any domain can create a subdomain that begins with a valid prefix (e.g. localhost.example.com), allowing that website to make requests to Casdoor as the currently signed-in user.
References: https://github.com/casdoor/casdoor/blob/v1.577.0/routers/cors_filter.go#L45
https://securitylab.github.com/advisories/GHSL-2024-035_GHSL-2024-036_casdoor/
CWE-ID: CWE-942
Common Platform Enumerations (CPE): Not Found
62. CVE-2024-42361
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{metricFull} endpoint to download job metrics. In the process, it executes a SQL query with user-controlled data, allowing for SQL injection.
References: https://github.com/dromara/hertzbeat/blob/1f12ac9f2a1a3d86b1d476775e14174243b250a8/manager/src/main/java/org/dromara/hertzbeat/manager/controller/MonitorsController.java#L202
https://github.com/dromara/hertzbeat/blob/1f12ac9f2a1a3d86b1d476775e14174243b250a8/warehouse/src/main/java/org/dromara/hertzbeat/warehouse/store/HistoryTdEngineDataStorage.java#L242
https://github.com/dromara/hertzbeat/blob/1f12ac9f2a1a3d86b1d476775e14174243b250a8/warehouse/src/main/java/org/dromara/hertzbeat/warehouse/store/HistoryTdEngineDataStorage.java#L295
https://securitylab.github.com/advisories/GHSL-2023-254_GHSL-2023-256_HertzBeat/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
63. CVE-2024-42362
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0.
References: https://github.com/apache/hertzbeat/commit/79f5408e345e8e89da97be05f43e3204a950ddfb
https://github.com/apache/hertzbeat/commit/9dbbfb7812fc4440ba72bdee66799edd519d06bb
https://github.com/apache/hertzbeat/pull/1611
https://github.com/apache/hertzbeat/pull/1620
https://github.com/apache/hertzbeat/pull/1620/files#diff-9c5fb3d1b7e3b0f54bc5c4182965c4fe1f9023d449017cece3005d3f90e8e4d8
https://securitylab.github.com/advisories/GHSL-2023-254_GHSL-2023-256_HertzBeat/
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
64. CVE-2024-42363
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Prior to 3385, the user-controlled role parameter enters the application in the Kubernetes::RoleVerificationsController. The role parameter flows into the RoleConfigFile initializer and then into the Kubernetes::Util.parse_file method where it is unsafely deserialized using the YAML.load_stream method. This issue may lead to Remote Code Execution (RCE). This vulnerability is fixed in 3385.
References: https://github.com/zendesk/samson/blob/107efb4a252425966aac5e77d0c3670f9b5d7229/plugins/kubernetes/app/controllers/kubernetes/role_verifications_controller.rb#L10
https://github.com/zendesk/samson/blob/107efb4a252425966aac5e77d0c3670f9b5d7229/plugins/kubernetes/app/controllers/kubernetes/role_verifications_controller.rb#L7
https://github.com/zendesk/samson/blob/107efb4a252425966aac5e77d0c3670f9b5d7229/plugins/kubernetes/app/models/kubernetes/role_config_file.rb#L80
https://github.com/zendesk/samson/blob/107efb4a252425966aac5e77d0c3670f9b5d7229/plugins/kubernetes/app/models/kubernetes/util.rb#L9
https://github.com/zendesk/samson/pull/4071
https://securitylab.github.com/advisories/GHSL-2023-136_Samson/
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
65. CVE-2024-43403
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Kanister is a data protection workflow management tool. Kanister has a deployment called default-kanister-operator, which is bound to a ClusterRole called edit via a ClusterRoleBinding. The "edit" ClusterRole is one of the ClusterRoles Kubernetes creates by default, and it has the create/patch/update verbs on daemonset resources, the create verb on serviceaccount/token resources, and the impersonate verb on serviceaccounts resources. A malicious user with access to the worker node that hosts this component can leverage it to achieve cluster-level privilege escalation.
References: https://github.com/kanisterio/kanister/blob/master/helm/kanister-operator/templates/rbac.yaml#L49
https://github.com/kanisterio/kanister/security/advisories/GHSA-h27c-6xm3-mcqp
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between August 20-21, 2024.
During this period, The National Vulnerability Database published 142, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 20
High: 45
Medium: 43
Low: 0
Severity Not Assigned: 34
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-7305
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0014
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-5932
Base Score: 10.0
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 6.0
Description: The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely, and to delete arbitrary files.
References: https://plugins.trac.wordpress.org/browser/give/tags/3.12.0/includes/login-register.php#L235
https://plugins.trac.wordpress.org/browser/give/tags/3.12.0/includes/process-donation.php#L420
https://plugins.trac.wordpress.org/browser/give/tags/3.12.0/src/DonorDashboards/Tabs/EditProfileTab/AvatarRoute.php#L51
https://plugins.trac.wordpress.org/browser/give/tags/3.12.0/vendor/tecnickcom/tcpdf/tcpdf.php#L7861
https://plugins.trac.wordpress.org/browser/give/tags/3.12.0/vendor/vendor-prefixed/fakerphp/faker/src/Faker/ValidGenerator.php#L80
https://plugins.trac.wordpress.org/changeset/3132247/
https://www.wordfence.com/blog/2024/08/4998-bounty-awarded-and-100000-wordpress-sites-protected-against-unauthenticated-remote-code-execution-vulnerability-patched-in-givewp-wordpress-plugin/
https://www.wordfence.com/threat-intel/vulnerabilities/id/93e2d007-8157-42c5-92ad-704dc80749a3?source=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-7827
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to boolean-based SQL Injection via the ‘model_number’ parameter in all versions up to, and including, 5.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/wp-easycart/trunk/wpeasycart.php#L8821
https://plugins.trac.wordpress.org/changeset/3136347/
https://wordpress.org/plugins/wp-easycart/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/aa55dfe1-7ee8-4d25-a9f6-cbefeebb1376?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
4. CVE-2022-1206
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The AdRotate Banner Manager – The only ad manager you'll need plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension sanitization in the adrotate_insert_media() function in all versions up to, and including, 5.13.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files with double extensions on the affected site's server which may make remote code execution possible. This is only exploitable on select instances where the configuration will execute the first extension present.
References: https://plugins.trac.wordpress.org/browser/adrotate/trunk/adrotate-admin-manage.php#L418
https://www.wordfence.com/threat-intel/vulnerabilities/id/9f92219a-e07e-422d-a9f2-dbe4fbcd5f55?source=cve
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-7702
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the entryID parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries to already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/bit-form/trunk/includes/Admin/AdminAjax.php#L944
https://www.wordfence.com/threat-intel/vulnerabilities/id/07847ba1-cbce-4d81-bd24-46887ac31a5d?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-7777
Base Score: 9.0
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in multiple functions in versions 2.0 to 2.13.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to read and delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
References: https://plugins.trac.wordpress.org/browser/bit-form/tags/2.13.3/includes/Admin/AdminAjax.php#L829
https://plugins.trac.wordpress.org/browser/bit-form/tags/2.13.3/includes/Admin/AdminAjax.php#L852
https://plugins.trac.wordpress.org/browser/bit-form/tags/2.13.3/includes/Admin/AdminAjax.php#L875
https://plugins.trac.wordpress.org/browser/bit-form/tags/2.13.3/includes/Admin/AdminAjax.php#L898
https://www.wordfence.com/threat-intel/vulnerabilities/id/4deb128d-0163-4a8e-9591-87352f74c3ef?source=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-7780
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the id parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/bit-form/tags/2.13.6/includes/Admin/AdminAjax.php#L1108
https://plugins.trac.wordpress.org/browser/bit-form/tags/2.13.6/includes/Admin/Form/AdminFormHandler.php#L2387
https://plugins.trac.wordpress.org/browser/bit-form/tags/2.13.6/includes/Core/Messages/EmailTemplateHandler.php#L93
https://www.wordfence.com/threat-intel/vulnerabilities/id/73b6b22a-4699-4307-8a03-148dd9e95d36?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-7782
Base Score: 8.7
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 5.8
Description: The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the iconRemove function in versions 2.0 to 2.13.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
References: https://plugins.trac.wordpress.org/browser/bit-form/tags/2.13.0/includes/Admin/AdminAjax.php#L1271
https://www.wordfence.com/threat-intel/vulnerabilities/id/d4da8ead-326f-4c93-b56d-8bfa643d7906?source=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-6847
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users when submitting messages to the chatbot.
References: https://wpscan.com/vulnerability/baa860bb-3b7d-438a-ad54-92bf8e21e851/
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-43202
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Exposure of Remote Code Execution in Apache Dolphinscheduler.
This issue affects Apache DolphinScheduler: before 3.2.2.
We recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue.
References: https://github.com/apache/dolphinscheduler/pull/15758
https://lists.apache.org/thread/nlmdp7q7l7o3l27778vxc5px24ncr5r5
https://lists.apache.org/thread/qbhk9wqyxhrn4z7m4m343wqxpwg926nh
https://www.cve.org/CVERecord?id=CVE-2023-49109
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-21689
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 6.0
Description: This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server.
This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.6, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction.
Atlassian recommends that Bamboo Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:
Bamboo Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.17
Bamboo Data Center and Server 9.6: Upgrade to a release greater than or equal to 9.6.5
See the release notes ([https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html]). You can download the latest version of Bamboo Data Center and Server from the download center ([https://www.atlassian.com/software/bamboo/download-archives]).
This vulnerability was reported via our Bug Bounty program.
References: https://confluence.atlassian.com/pages/viewpage.action?pageId=1431535667
https://jira.atlassian.com/browse/BAM-25858
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-41700
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Barix – CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
References: https://www.gov.il/en/Departments/faq/cve_advisories
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-42334
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.2
Description: Hargal - CWE-284: Improper Access Control
References: https://www.gov.il/en/Departments/faq/cve_advisories
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-42336
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: Servision - CWE-287: Improper Authentication
References: https://www.gov.il/en/Departments/faq/cve_advisories
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-42553
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A Cross-Site Request Forgery (CSRF) in the component admin_room_added.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges.
References: https://gist.github.com/topsky979/4b22a22c73b16c7c22c06d4b3f033fdc
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-42554
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_added.php.
References: https://gist.github.com/topsky979/7d2ebfe6dfa87eecf8f3e6d4eefc48ba
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-42555
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A Cross-Site Request Forgery (CSRF) in the component admin_room_removed.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges.
References: https://gist.github.com/topsky979/afd445b90e13a27a6422cea2f5ff0f64
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-42558
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_modify_room.php.
References: https://gist.github.com/topsky979/9651b4977e86f5b1bcae7a8959ff3342
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-42559
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: An issue in the login component (process_login.php) of Hotel Management System commit 79d688 allows attackers to authenticate without providing a valid password.
References: https://gist.github.com/topsky979/99d2ebf7b5598ef227262ba1b2bb392f/edit
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-42561
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at sales_report.php.
References: https://gist.github.com/topsky979/5d2d9104dc4dd7f5dda99cbbd615a0b8
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-42562
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at preview.php.
References: https://gist.github.com/topsky979/2dcca275bcc18e8058cefef714a2f61b
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-42565
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/contact/delete?action=delete.
References: https://gist.github.com/topsky979/648f2cd4f5e58560cbc9308d06e2f876
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
23. CVE-2024-42566
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the password parameter at login.php
References: https://gist.github.com/topsky979/95a8f0d24f1d409a14df4c04e0a8c547
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-42567
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the sid parameter at /search.php?action=2.
References: https://gist.github.com/topsky979/96ba3f6ccd333480aa86e7078c4886d7
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-42569
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at paidclass.php.
References: https://gist.github.com/topsky979/20a81dbf47d371e1dabe08f350c8185d
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-42570
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at admininsert.php.
References: https://gist.github.com/topsky979/1d9ebca101fc5e30040436d70e522102
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-42571
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at insertattendance.php.
References: https://gist.github.com/topsky979/5c8e289fa66702fd3acbed558ee449dd
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
28. CVE-2024-42574
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at attendance.php.
References: https://gist.github.com/topsky979/7064f8bbd3977ee665a098efcd0170c0
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
29. CVE-2024-42575
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at substaff.php.
References: https://gist.github.com/topsky979/2fddc00b33b038cd778c1e4fb1936a15
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
30. CVE-2024-42576
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A Cross-Site Request Forgery (CSRF) in the component edit_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
References: https://gist.github.com/topsky979/50a1d8ad7effd9ccd089952602c831d3
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
31. CVE-2024-42578
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: A Cross-Site Request Forgery (CSRF) in the component edit_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
References: https://gist.github.com/topsky979/5eacc7e418e3b73b7ad1fa05d1a72aeb
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
32. CVE-2024-42581
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: A Cross-Site Request Forgery (CSRF) in the component delete_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
References: https://gist.github.com/topsky979/2bd26343ccdff7c759f62d332c8caff6
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
33. CVE-2024-42582
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A Cross-Site Request Forgery (CSRF) in the component delete_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
References: https://gist.github.com/topsky979/c0d78b257ce1e661be30de1ce9551d27
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
34. CVE-2024-42583
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A Cross-Site Request Forgery (CSRF) in the component delete_user.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
References: https://gist.github.com/topsky979/dac0206b8de14763bdbe2b6bb7020cdc
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
35. CVE-2024-42585
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A Cross-Site Request Forgery (CSRF) in the component delete_media.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
References: https://gist.github.com/topsky979/33de7a4bd7a4517a26fa4e4911b7fb1d
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
36. CVE-2024-42586
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A Cross-Site Request Forgery (CSRF) in the component categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
References: https://gist.github.com/topsky979/533b962efb1779e397a241bf7a19643c
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
37. CVE-2024-6918
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability
exists that could cause a crash of the Accutech Manager when receiving a specially crafted
request over port 2536/TCP.
References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-226-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-226-01.pdf
CWE-ID: CWE-120
Common Platform Enumerations (CPE): Not Found
38. CVE-2024-33872
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in code execution and escalation of privileges.
References: https://trust.keyfactor.com/?itemUid=d73921fd-bc9e-4e35-a974-cfb628e6a226&source=click
CWE-ID: CWE-269 CWE-89
Common Platform Enumerations (CPE): Not Found
39. CVE-2024-6377
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.8
Description: A reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
References: https://www.3ds.com/vulnerability/advisories
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
40. CVE-2024-6378
Base Score: 8.7
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 5.8
Description: A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
References: https://www.3ds.com/vulnerability/advisories
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
41. CVE-2024-6379
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: An URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to redirect users to an arbitrary website via a crafted URL.
References: https://www.3ds.com/vulnerability/advisories
CWE-ID: CWE-601
Common Platform Enumerations (CPE): Not Found
42. CVE-2024-30949
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function.
References: https://gist.github.com/visitorckw/6b26e599241ea80210ea136b28441661
https://inbox.sourceware.org/newlib/20231129035714.469943-1-visitorckw%40gmail.com/
https://sourceware.org/git/?p=newlib-cygwin.git%3Ba=commit%3Bh=5f15d7c5817b07a6b18cbab17342c95cb7b42be4
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
43. CVE-2024-35540
Base Score: 7.6
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.5
Description: A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
References: https://cyberaz0r.info/2024/08/typecho-multiple-vulnerabilities/
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
44. CVE-2024-39690
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 1.7
Impact Score: 6.0
Description: Capsule is a multi-tenancy and policy-based framework for Kubernetes. In Capsule v0.7.0 and earlier, the tenant-owner can patch any arbitrary namespace that has not been taken over by a tenant (i.e., namespaces without the ownerReference field), thereby gaining control of that namespace.
References: https://github.com/projectcapsule/capsule/commit/d620b0457ddec01616b8eab8512a10611611f584
https://github.com/projectcapsule/capsule/security/advisories/GHSA-mq69-4j5w-3qwp
CWE-ID: CWE-863
Common Platform Enumerations (CPE): Not Found
45. CVE-2024-42605
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/edit_page.php?link_id=1
References: https://github.com/jinwu1234567890/cms2/tree/main/3/readme.md
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
46. CVE-2024-42607
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=database
References: https://github.com/jinwu1234567890/cms2/tree/main/9/readme.md
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
47. CVE-2024-42609
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=avatars
References: https://github.com/jinwu1234567890/cms2/tree/main/8/readme.md
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
48. CVE-2024-42610
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=files
References: https://github.com/jinwu1234567890/cms2/tree/main/7/readme.md
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
49. CVE-2024-42611
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/admin_page.php?link_id=1&mode=delete
References: https://github.com/jinwu1234567890/cms2/tree/main/4/readme.md
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
50. CVE-2024-42613
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=install&widget=akismet
References: https://github.com/jinwu1234567890/cms2/tree/main/14/readme.md
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
51. CVE-2024-42617
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_config.php?action=save&var_id=32
References: https://github.com/jinwu1234567890/cms2/tree/main/11/readme.md
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
52. CVE-2024-42618
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /module.php?module=karma
References: https://github.com/jinwu1234567890/cms2/tree/main/16/readme.md
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
53. CVE-2024-42621
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_editor.php
References: https://github.com/jinwu1234567890/cms2/tree/main/12/readme.md
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
54. CVE-2024-43404
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: MEGABOT is a fully customized Discord bot for learning and fun. The `/math` command and functionality of MEGABOT versions < 1.5.0 contains a remote code execution vulnerability due to a Python `eval()`. The vulnerability allows an attacker to inject Python code into the `expression` parameter when using `/math` in any Discord channel. This vulnerability impacts any Discord guild utilizing MEGABOT. This vulnerability was fixed in release version 1.5.0.
References: https://github.com/NicPWNs/MEGABOT/commit/71e79e5581ea36313700385b112d863053fb7ed6
https://github.com/NicPWNs/MEGABOT/issues/137
https://github.com/NicPWNs/MEGABOT/pull/138
https://github.com/NicPWNs/MEGABOT/releases/tag/v1.5.0
https://github.com/NicPWNs/MEGABOT/security/advisories/GHSA-vhxp-4hwq-w3p2
CWE-ID: CWE-95
Common Platform Enumerations (CPE): Not Found
55. CVE-2024-43406
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constrained edge devices. A user could utilize and exploit SQL Injection to allow the execution of a malicious SQL query via the Get method in sqlKvStore. This vulnerability is fixed in 1.14.2.
References: https://github.com/lf-edge/ekuiper/commit/1a9c745649438feaac357d282959687012b65503
https://github.com/lf-edge/ekuiper/security/advisories/GHSA-r5ph-4jxm-6j9p
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
56. CVE-2024-27185
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors.
References: https://developer.joomla.org/security-centre/942-20240802-core-cache-poisoning-in-pagination.html
CWE-ID: CWE-349
Common Platform Enumerations (CPE): Not Found
57. CVE-2024-27187
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Improper Access Controls allows backend users to overwrite their username when disallowed.
References: https://developer.joomla.org/security-centre/945-20240804-core-improper-acl-for-backend-profile-view.html
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
58. CVE-2024-38175
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 5.8
Description: An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network.
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38175
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
59. CVE-2024-42619
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?id=0&list=whitelist&remove=pligg.com
References: https://github.com/jinwu1234567890/cms2/tree/main/17/readme.md
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
60. CVE-2024-41659
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker to read private information or make privileged changes to the system as the vulnerable user account.
References: https://github.com/usememos/memos/blob/v0.20.1/server/server.go#L163
https://securitylab.github.com/advisories/GHSL-2024-034_memos/
CWE-ID: CWE-942
Common Platform Enumerations (CPE): Not Found
61. CVE-2024-41657
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, a logic vulnerability exists in the beego filter CorsFilter that allows any website to make cross-domain requests to Casdoor as the logged-in user. Due to a logic error in checking only for a prefix when authenticating the Origin header, any domain can create a valid subdomain with a valid subdomain prefix (e.g. localhost.example.com), allowing the website to make requests to Casdoor as the current signed-in user.
References: https://github.com/casdoor/casdoor/blob/v1.577.0/routers/cors_filter.go#L45
https://securitylab.github.com/advisories/GHSL-2024-035_GHSL-2024-036_casdoor/
CWE-ID: CWE-942
Common Platform Enumerations (CPE): Not Found
62. CVE-2024-42361
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{metricFull} endpoint to download job metrics. In the process, it executes a SQL query with user-controlled data, allowing for SQL injection.
References: https://github.com/dromara/hertzbeat/blob/1f12ac9f2a1a3d86b1d476775e14174243b250a8/manager/src/main/java/org/dromara/hertzbeat/manager/controller/MonitorsController.java#L202
https://github.com/dromara/hertzbeat/blob/1f12ac9f2a1a3d86b1d476775e14174243b250a8/warehouse/src/main/java/org/dromara/hertzbeat/warehouse/store/HistoryTdEngineDataStorage.java#L242
https://github.com/dromara/hertzbeat/blob/1f12ac9f2a1a3d86b1d476775e14174243b250a8/warehouse/src/main/java/org/dromara/hertzbeat/warehouse/store/HistoryTdEngineDataStorage.java#L295
https://securitylab.github.com/advisories/GHSL-2023-254_GHSL-2023-256_HertzBeat/
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
63. CVE-2024-42362
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0.
References: https://github.com/apache/hertzbeat/commit/79f5408e345e8e89da97be05f43e3204a950ddfb
https://github.com/apache/hertzbeat/commit/9dbbfb7812fc4440ba72bdee66799edd519d06bb
https://github.com/apache/hertzbeat/pull/1611
https://github.com/apache/hertzbeat/pull/1620
https://github.com/apache/hertzbeat/pull/1620/files#diff-9c5fb3d1b7e3b0f54bc5c4182965c4fe1f9023d449017cece3005d3f90e8e4d8
https://securitylab.github.com/advisories/GHSL-2023-254_GHSL-2023-256_HertzBeat/
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
64. CVE-2024-42363
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Prior to 3385, the user-controlled role parameter enters the application in the Kubernetes::RoleVerificationsController. The role parameter flows into the RoleConfigFile initializer and then into the Kubernetes::Util.parse_file method where it is unsafely deserialized using the YAML.load_stream method. This issue may lead to Remote Code Execution (RCE). This vulnerability is fixed in 3385.
References: https://github.com/zendesk/samson/blob/107efb4a252425966aac5e77d0c3670f9b5d7229/plugins/kubernetes/app/controllers/kubernetes/role_verifications_controller.rb#L10
https://github.com/zendesk/samson/blob/107efb4a252425966aac5e77d0c3670f9b5d7229/plugins/kubernetes/app/controllers/kubernetes/role_verifications_controller.rb#L7
https://github.com/zendesk/samson/blob/107efb4a252425966aac5e77d0c3670f9b5d7229/plugins/kubernetes/app/models/kubernetes/role_config_file.rb#L80
https://github.com/zendesk/samson/blob/107efb4a252425966aac5e77d0c3670f9b5d7229/plugins/kubernetes/app/models/kubernetes/util.rb#L9
https://github.com/zendesk/samson/pull/4071
https://securitylab.github.com/advisories/GHSL-2023-136_Samson/
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
65. CVE-2024-43403
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Kanister is a data protection workflow management tool. Kanister has a deployment called default-kanister-operator, which is bound to a ClusterRole called edit via a ClusterRoleBinding. The "edit" ClusterRole is one of the default ClusterRoles created by Kubernetes, and it has the create/patch/update verbs on daemonset resources, the create verb on serviceaccount/token resources, and the impersonate verb on serviceaccounts resources. A malicious user with access to the worker node that runs this component can leverage it to perform a cluster-level privilege escalation.
References: https://github.com/kanisterio/kanister/blob/master/helm/kanister-operator/templates/rbac.yaml#L49
https://github.com/kanisterio/kanister/security/advisories/GHSA-h27c-6xm3-mcqp
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found