Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for August 23-24, 2024

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between August 23 and 24, 2024.
During this period, the National Vulnerability Database published 79 new Common Vulnerabilities and Exposures (CVEs), classified as follows:

Critical: 6
High: 25
Medium: 31
Low: 0
Severity Not Assigned: 17

Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.

1. CVE-2024-43477
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Improper access control in Decentralized Identity Services allows an unauthenticated attacker to disable Verifiable ID's on another tenant.
References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43477

CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found

2. CVE-2024-7559
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mk_file_folder_manager AJAX action in all versions up to, and including, 8.3.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
References: https://filemanagerpro.io/file-manager-pro/
https://www.wordfence.com/threat-intel/vulnerabilities/id/f4b45791-4b85-4a2d-8019-1d438bd694cb?source=cve

CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found

3. CVE-2024-7258
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfm_removeFeedFile' function in all versions up to, and including, 2.8.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
References: https://plugins.trac.wordpress.org/browser/wp-product-feed-manager/trunk/includes/data/js/wppfm_ajaxdatahandling.js#L537
https://plugins.trac.wordpress.org/browser/wp-product-feed-manager/trunk/includes/data/js/wppfm_ajaxdatahandling.js#L546
https://plugins.trac.wordpress.org/browser/wp-product-feed-manager/trunk/includes/data/js/wppfm_ajaxdatahandling.js#L575
https://plugins.trac.wordpress.org/changeset/3137475/
https://www.wordfence.com/threat-intel/vulnerabilities/id/ffd6e18d-9173-4911-af64-5d54c6d2e052?source=cve

CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found

4. CVE-2024-36514
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to authenticated SQL injection in the file summary option.
References: https://www.manageengine.com/products/active-directory-audit/cve-2024-36514.html

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

5. CVE-2024-36515
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to authenticated SQL injection in the dashboard.
Note: This vulnerability is different from another vulnerability (CVE-2024-36516), both of which have affected ADAudit Plus' dashboard.
References: https://www.manageengine.com/products/active-directory-audit/cve-2024-36515.html

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

6. CVE-2024-36516
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to authenticated SQL injection in the dashboard.
Note: This vulnerability is different from another vulnerability (CVE-2024-36515), both of which have affected ADAudit Plus' dashboard.
References: https://www.manageengine.com/products/active-directory-audit/cve-2024-36516.html

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

7. CVE-2024-36517
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to authenticated SQL injection in the alerts module.
References: https://www.manageengine.com/products/active-directory-audit/cve-2024-36517.html

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

8. CVE-2024-5466
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to authenticated remote code execution in the deploy agent option.
References: https://www.manageengine.com/itom/advisory/cve-2024-5466.html

CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found

9. CVE-2024-5467
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to authenticated SQL injection in the account lockout report.
References: https://www.manageengine.com/products/active-directory-audit/cve-2024-5467.html

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

10. CVE-2024-5490
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to authenticated SQL injection in the aggregate reports option.
References: https://www.manageengine.com/products/active-directory-audit/cve-2024-5490.html

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

11. CVE-2024-5556
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to authenticated SQL injection in the reports module.
References: https://www.manageengine.com/products/active-directory-audit/cve-2024-5556.html

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

12. CVE-2024-5586
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to authenticated SQL injection in the extranet lockouts report option.
References: https://www.manageengine.com/products/active-directory-audit/cve-2024-5586.html

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

13. CVE-2024-37311
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: Collabora Online is a collaborative online office suite based on LibreOffice. In affected versions of Collabora Online, https connections from coolwsd to other hosts may incompletely verify the remote host's certificate against the full chain of trust. This vulnerability is fixed in Collabora Online 24.04.4.3, 23.05.14.1, and 22.05.23.1.
References: https://github.com/CollaboraOnline/online/security/advisories/GHSA-hvhm-5c44-977x

CWE-ID: CWE-295
Common Platform Enumerations (CPE): Not Found

14. CVE-2024-42764
Base Score: 9.4
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.5
Description: Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via /deleteTicket.php.
References: https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Bus%20Ticket%20Reservation%20System%20v1.0/CSRF.pdf
https://www.kashipara.com/

CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found

15. CVE-2024-42765
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: A SQL injection vulnerability in "/login.php" of the Kashipara Bus Ticket Reservation System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the "email" or "password" Login page parameters.
References: https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Bus%20Ticket%20Reservation%20System%20v1.0/SQL%20Injection%20-%20Login.pdf
https://www.kashipara.com/

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

16. CVE-2024-42915
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This will allow attackers to arbitrarily reset other users' passwords and compromise their accounts.
References: https://github.com/debashish-choudhury/staff-appraisal-system/
https://github.com/soursec/CVEs/tree/main/CVE-2024-42915

CWE-ID: CWE-640
Common Platform Enumerations (CPE): Not Found

17. CVE-2024-43782
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.8
Description: This openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex. Before moving to pulling translations from the openedx-translations repository via openedx-atlas, translations in the edx-platform repository were validated using edx-i18n-tools. This validation included protection against malformed translations and translations-based script injections. Prior to this patch, the validation implemented in the openedx-translations repository did not include the same protections. The maintainer inspected the translations in the edx-platform directory of both the main and open-release/redwood.master branches of the openedx-translations repository and found no evidence of exploited translation strings.
References: https://github.com/openedx/openedx-translations/commit/3c4093705dec99590577c4d8270ce263f7fffc5a
https://github.com/openedx/openedx-translations/commit/b2444340e8702c7955310331c1db5fd85b25b92b
https://github.com/openedx/openedx-translations/security/advisories/GHSA-fg8c-2pvj-wx3j

CWE-ID: CWE-74
Common Platform Enumerations (CPE): Not Found

18. CVE-2024-43791
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: RequestStore provides per-request global storage for Rack. The files published as part of request_store 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not allow access for local users, so the chances of this being exploited are very low, given that the vast majority of users will have upgraded, and those that have not, if any, are not likely to be exposed.
References: https://github.com/steveklabnik/request_store/security/advisories/GHSA-frp2-5qfc-7r8m

CWE-ID: CWE-276
Common Platform Enumerations (CPE): Not Found

19. CVE-2024-42523
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: publiccms V4.0.202302.e and before is vulnerable to arbitrary file upload via publiccms/admin/cmsTemplate/saveMetaData.
References: https://gist.github.com/ilikeoyt/3dbbca2679c2551eaaeaea9c83acf1a1
https://gitee.com/sanluan/PublicCMS/issues/IADVDM

CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found

20. CVE-2024-42636
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: DedeCMS V5.7.115 has a command execution vulnerability via file_manage_view.php?fmdo=newfile&activepath.
References: https://github.com/iami233/cve/issues/1

CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found

21. CVE-2024-44381
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd msp_info_htm function.
References: https://github.com/GroundCTL2MajorTom/pocs/blob/main/dlink_DI8004W.md
https://www.dlink.com/en/security-bulletin/

CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found

22. CVE-2024-44382
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd upgrade_filter_asp function.
References: https://github.com/GroundCTL2MajorTom/pocs/blob/main/dlink_DI8004W.md
https://www.dlink.com/en/security-bulletin/

CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found

23. CVE-2024-44386
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function fromSetIpBind.
References: https://github.com/GroundCTL2MajorTom/pocs/blob/main/tenda_FH1206_buffer_overflow2.md

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

24. CVE-2024-33852
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: A SQL Injection vulnerability exists in the Downtime component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.
References: https://github.com/centreon/centreon/releases
https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3744

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

25. CVE-2024-33853
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: A SQL Injection vulnerability exists in the Timeperiod component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.
References: https://github.com/centreon/centreon/releases
https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3744

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

26. CVE-2024-39841
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A SQL Injection vulnerability exists in the service configuration functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.
References: https://github.com/centreon/centreon/releases
https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3744

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

27. CVE-2024-42531
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live video stream by crafting a set of RTSP packets with a specific set of URLs that can be used to redirect the camera feed.
References: http://ezviz.com
https://github.com/Anonymous120386/Anonymous

CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found

28. CVE-2024-44390
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function formWrlsafeset.
References: https://github.com/GroundCTL2MajorTom/pocs/blob/main/tenda_FH1206_buffer_overflow8.md

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

29. CVE-2024-42992
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Python Pip Pandas v2.2.2 was discovered to contain an arbitrary file read vulnerability.
References: https://github.com/juwenyi/CVE-2024-42992
https://pandas.pydata.org/

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found

30. CVE-2024-7954
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.
References: https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-0-alpha2-SPIP-4-2-13-SPIP-4.html
https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_1_the_feather/
https://vulncheck.com/advisories/spip-porte-plume

CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found

31. CVE-2024-45187
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: Guest users in the Mage AI framework who remain logged in after their accounts are deleted are mistakenly given high privileges, specifically access to remotely execute arbitrary code through the Mage AI terminal server.
References: https://research.jfrog.com/vulnerabilities/mage-ai-deleted-users-rce-jfsa-2024-001039602/

CWE-ID: CWE-266
Common Platform Enumerations (CPE): Not Found
