In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between September 04-05, 2024.
During this period, the National Vulnerability Database published 177 new Common Vulnerabilities and Exposures (CVEs), which are classified as follows:
Critical: 8
High: 24
Medium: 66
Low: 5
Severity Not Assigned: 74
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-7950
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all versions up to, and including, 2.1.6 via several functions called by the 'checkFormRequest' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. Attackers can also update arbitrary settings and create user accounts even when registration is disabled, leading to user creation with a default role of Administrator.
References: https://plugins.trac.wordpress.org/browser/wp-job-portal/tags/2.1.5/includes/formhandler.php
https://plugins.trac.wordpress.org/browser/wp-job-portal/tags/2.1.5/includes/includer.php
https://plugins.trac.wordpress.org/browser/wp-job-portal/tags/2.1.5/includes/wpjobportal-hooks.php
https://plugins.trac.wordpress.org/browser/wp-job-portal/tags/2.1.5/modules/configuration/controller.php
https://plugins.trac.wordpress.org/browser/wp-job-portal/tags/2.1.5/modules/user/controller.php
https://plugins.trac.wordpress.org/browser/wp-job-portal/tags/2.1.5/modules/user/tmpl/views/frontend/form-field.php
https://plugins.trac.wordpress.org/changeset/3138675/
https://www.wordfence.com/threat-intel/vulnerabilities/id/ca1d5275-3398-47a7-889b-4050ebe635ee?source=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-34656
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 4.7
Description: Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.
References: https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=09
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-34657
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.7
Description: Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers to execute arbitrary code.
References: https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=09
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-34659
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Exposure of sensitive information in GroupSharing prior to version 13.6.13.3 allows remote attackers to force the victim to join the group.
References: https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=09
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-34660
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 4.7
Description: Heap-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.
References: https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=09
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-6926
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
References: https://wpscan.com/vulnerability/9ce96ce5-fcf0-4d7a-b562-f63ea3418d93/
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-7786
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak email templates.
References: https://wpscan.com/vulnerability/f44e6f8f-3ef2-45c9-ae9c-9403305a548a/
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-8102
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the module_all_toggle_ajax() function in all versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
References: https://plugins.trac.wordpress.org/browser/wpextended/trunk/admin/class-wp-extended-admin.php#L262
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/9d47df99-cff5-4be7-ab8e-ef333cf3755b?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-8104
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0.8 via the download_file_ajax function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
References: https://plugins.trac.wordpress.org/browser/wpextended/trunk/includes/libraries/wpext_export/wpext_export.php#L137
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/0fad1834-0ee1-4542-a5a7-55a32861c81d?source=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-45507
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 18.12.16.
Users are recommended to upgrade to version 18.12.16, which fixes the issue.
References: https://issues.apache.org/jira/browse/OFBIZ-13132
https://lists.apache.org/thread/o90dd9lbk1hh3t2557t2y2qvrh92p7wy
https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html
CWE-ID: CWE-918 CWE-94
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-8289
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to privilege escalation/de-escalation and account takeover due to an insufficient capability check on the update_item_permissions_check and create_item_permissions_check functions in all versions up to, and including, 4.2.0. This makes it possible for unauthenticated attackers to change the password of any user with the vendor role, create new users with the vendor role, and demote other users like administrators to the vendor role.
References: https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/4.2.0/api/class-mvx-rest-vendors-controller.php#L382
https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/4.2.0/api/class-mvx-rest-vendors-controller.php#L641
https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/4.2.0/api/class-mvx-rest-vendors-controller.php#L705
https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/trunk/api/class-mvx-rest-vendors-controller.php?rev=3145638
https://www.wordfence.com/threat-intel/vulnerabilities/id/a85fbaff-d566-4ed2-8943-c174e0c4d2d8?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-44383
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_info_htm.
References: https://github.com/GroundCTL2MajorTom/pocs/blob/main/wayos_%20FBM_291W.md
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-44400
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: D-Link DI-8400 16.07.26A1 is vulnerable to Command Injection via upgrade_filter_asp.
References: https://github.com/lonelylonglong/openfile-/blob/main/D-link_DI_8400-16.07.26A1_Command_Injection.md/D-link_DI_8400-16.07.26A1_Command_Injection.md
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-7834
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. This allows an attacker with unprivileged access to the system to run arbitrary code with SYSTEM privileges by placing a malicious .dll file in the respective location.
References: https://www.cirosec.de/sa/sa-2024-004
CWE-ID: CWE-427
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-7012
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access.
References: https://access.redhat.com/errata/RHSA-2024:6335
https://access.redhat.com/errata/RHSA-2024:6336
https://access.redhat.com/errata/RHSA-2024:6337
https://access.redhat.com/security/cve/CVE-2024-7012
https://bugzilla.redhat.com/show_bug.cgi?id=2299429
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-7923
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) which are using Pulpcore version 3.0+ and could potentially enable unauthorized users to gain administrative access.
References: https://access.redhat.com/errata/RHSA-2024:6335
https://access.redhat.com/errata/RHSA-2024:6336
https://access.redhat.com/errata/RHSA-2024:6337
https://access.redhat.com/security/cve/CVE-2024-7923
https://bugzilla.redhat.com/show_bug.cgi?id=2305718
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-45506
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service.
References: http://git.haproxy.org/?p=haproxy-3.0.git%3Ba=commitdiff%3Bh=c725db17e8416ffb3c1537aea756356228ce5e3c
http://git.haproxy.org/?p=haproxy-3.0.git%3Ba=commitdiff%3Bh=d636e515453320c6e122c313c661a8ac7d387c7f
https://www.haproxy.org/
https://www.haproxy.org/download/3.1/src/CHANGELOG
https://www.mail-archive.com/haproxy%40formilux.org/msg45280.html
https://www.mail-archive.com/haproxy%40formilux.org/msg45281.html
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-8418
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A flaw was found in Aardvark-dns versions 1.12.0 and 1.12.1. They contain a denial of service vulnerability due to serial processing of TCP DNS queries. This flaw allows a malicious client to keep a TCP connection open indefinitely, causing other DNS queries to time out and resulting in a denial of service for all other containers using aardvark-dns.
References: https://access.redhat.com/security/cve/CVE-2024-8418
https://bugzilla.redhat.com/show_bug.cgi?id=2309683
https://github.com/containers/aardvark-dns/issues/500
https://github.com/containers/aardvark-dns/pull/503
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-43402
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 1.4
Impact Score: 6.0
Description: Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods (which are ignored and stripped by Windows). To determine whether to apply the `cmd.exe` escaping rules, the original fix for the vulnerability checked whether the command name ended with `.bat` or `.cmd`. At the time that seemed enough, as we refuse to invoke batch scripts with no file extension. Windows removes trailing whitespace and periods when parsing file paths. For example, `.bat. .` is interpreted by Windows as `.bat`, but the original fix didn't check for that. Affected users who are using Rust 1.77.2 or greater can remove the trailing whitespace (ASCII 0x20) and trailing periods (ASCII 0x2E) from the batch file name to bypass the incomplete fix and enable the mitigations. Users are affected if their code or one of their dependencies invoke a batch script on Windows with trailing whitespace or trailing periods in the name, and pass untrusted arguments to it. Rust 1.81.0 will update the standard library to apply the CVE-2024-24576 mitigations to all batch files invocations, regardless of the trailing chars in the file name.
References: https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html
https://github.com/rust-lang/rust/security/advisories/GHSA-2xg3-7mm6-98jj
https://learn.microsoft.com/en-us/troubleshoot/windows-client/shell-experience/file-folder-name-whitespace-characters
CWE-ID: CWE-78 CWE-88
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-43405
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.8
Description: Nuclei is a vulnerability scanner powered by YAML based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow an attacker to bypass the signature check and possibly execute malicious code via custom code template. The vulnerability is present in the template signature verification process, specifically in the `signer` package. The vulnerability stems from a discrepancy between how the signature verification process and the YAML parser handle newline characters, combined with the way multiple signatures are processed. This allows an attacker to inject malicious content into a template while maintaining a valid signature for the benign part of the template. CLI users are affected if they execute custom code templates from unverified sources. This includes templates authored by third parties or obtained from unverified repositories. SDK Users are affected if they are developers integrating Nuclei into their platforms, particularly if they permit the execution of custom code templates by end-users. The vulnerability is addressed in Nuclei v3.3.2. Users are strongly recommended to update to this version to mitigate the security risk. As an interim measure, users should refrain from using custom templates if unable to upgrade immediately. Only trusted, verified templates should be executed. Those who are unable to upgrade Nuclei should disable running custom code templates as a workaround.
References: https://github.com/projectdiscovery/nuclei/commit/0da993afe6d41b4b1b814e8fad23a2acba13c60a
https://github.com/projectdiscovery/nuclei/security/advisories/GHSA-7h5p-mmpp-hgmm
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-44808
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via the user GET parameter.
References: https://github.com/Vypor/Vypors-Attack-API-System
https://jacobmasse.medium.com/cve-2024-44808-remote-command-execution-in-vypor-ddos-attack-api-1ed073725595
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-44817
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: SQL Injection vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via the id parameter in the adv2.php component.
References: https://github.com/gkdgkd123/codeAudit/blob/main/CVE-2024-44817%20ZZCMS2023SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
23. CVE-2024-44859
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Tenda FH1201 v1.2.0.14 has a stack buffer overflow vulnerability in `formWrlExtraGet`.
References: https://github.com/Ha0-Y/IoT/blob/main/tenda-F1201/WrlExtraGet.md
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-45050
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Ringer server is the server code for the Ringer messaging app. Prior to version 1.3.1, there is an issue with the messages loading route where Ringer Server does not check to ensure that the user loading the conversation is actually a member of that conversation. This allows any user with a Lif Account to load any conversation between two users without permission. This issue has been patched in version 1.3.1. There is no action required for users. Lif Platforms will update their servers with the patch.
References: https://github.com/Lif-Platforms/New-Ringer-Server/commit/ae795ff47b2ac2656ac6a099a0e7954ca7d9ba53
https://github.com/Lif-Platforms/New-Ringer-Server/security/advisories/GHSA-cpc7-79cg-qv65
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-45053
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Execution to privileged users. A privileged user refers to an Admin UI user with the default `Owner` or `Contributor` role, who can escalate their access and execute code on the underlying Fides Webserver container where the Jinja template rendering function is executed. The vulnerability has been patched in Fides version `2.44.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There are no workarounds.
References: https://github.com/ethyca/fides/commit/829cbd9cb5ef9c814fbac1ed6800e8d939d359c5
https://github.com/ethyca/fides/security/advisories/GHSA-c34r-238x-f7qx
CWE-ID: CWE-1336
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-45075
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication.
References: https://www.ibm.com/support/pages/node/7167245
CWE-ID: CWE-308
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-45076
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system.
References: https://www.ibm.com/support/pages/node/7167245
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
28. CVE-2024-20439
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential.
This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to log in to the affected system. A successful exploit could allow the attacker to log in to the affected system with administrative privileges over the API of the Cisco Smart Licensing Utility application.
References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw
CWE-ID: CWE-912
Common Platform Enumerations (CPE): Not Found
29. CVE-2024-20440
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information.
This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain log files that contain sensitive data, including credentials that can be used to access the API.
References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw
CWE-ID: CWE-532
Common Platform Enumerations (CPE): Not Found
30. CVE-2024-45170
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low privileged users can use administrative functions of the C-MOR web interface. It was found that different functions are only available to administrative users. However, access to those functions is restricted only via the web application user interface and is not checked on the server side. Thus, by sending corresponding HTTP requests to the web server of the C-MOR web interface, low privileged users can also use administrative functionality, for instance downloading backup files or changing configuration settings.
References: https://www-syss-de.translate.goog/pentest-blog/mehrere-sicherheitsschwachstellen-in-videoueberwachungssoftware-c-mor-syss-2024-020-bis-030?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-024.txt
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
31. CVE-2024-45174
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper validation of user-supplied data, different functionalities of the C-MOR web interface are vulnerable to SQL injection attacks. This kind of attack allows an authenticated user to execute arbitrary SQL commands in the context of the corresponding MySQL database.
References: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-023.txt
https://www.syss.de/pentest-blog/mehrere-sicherheitsschwachstellen-in-videoueberwachungssoftware-c-mor-syss-2024-020-bis-030
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
32. CVE-2024-2166
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Email Security (Real Time Monitor modules) allows Reflected XSS. This issue affects Email Security: before 8.5.5 HF003.
References: https://support.forcepoint.com/s/article/000042397
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/4.2.0/api/class-mvx-rest-vendors-controller.php#L705
https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/trunk/api/class-mvx-rest-vendors-controller.php?rev=3145638
https://www.wordfence.com/threat-intel/vulnerabilities/id/a85fbaff-d566-4ed2-8943-c174e0c4d2d8?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-44383
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_info_htm.
References: https://github.com/GroundCTL2MajorTom/pocs/blob/main/wayos_%20FBM_291W.md
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-44400
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: D-Link DI-8400 16.07.26A1 is vulnerable to Command Injection via upgrade_filter_asp.
References: https://github.com/lonelylonglong/openfile-/blob/main/D-link_DI_8400-16.07.26A1_Command_Injection.md/D-link_DI_8400-16.07.26A1_Command_Injection.md
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-7834
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. This allows an attacker with unprivileged access to the system to run arbitrary code with SYSTEM privileges by placing a malicious .dll file in the respective location.
References: https://www.cirosec.de/sa/sa-2024-004
CWE-ID: CWE-427
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-7012
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access.
References: https://access.redhat.com/errata/RHSA-2024:6335
https://access.redhat.com/errata/RHSA-2024:6336
https://access.redhat.com/errata/RHSA-2024:6337
https://access.redhat.com/security/cve/CVE-2024-7012
https://bugzilla.redhat.com/show_bug.cgi?id=2299429
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-7923
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) which are using Pulpcore version 3.0+ and could potentially enable unauthorized users to gain administrative access.
References: https://access.redhat.com/errata/RHSA-2024:6335
https://access.redhat.com/errata/RHSA-2024:6336
https://access.redhat.com/errata/RHSA-2024:6337
https://access.redhat.com/security/cve/CVE-2024-7923
https://bugzilla.redhat.com/show_bug.cgi?id=2305718
CWE-ID: CWE-287
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-45506
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service.
References: http://git.haproxy.org/?p=haproxy-3.0.git%3Ba=commitdiff%3Bh=c725db17e8416ffb3c1537aea756356228ce5e3c
http://git.haproxy.org/?p=haproxy-3.0.git%3Ba=commitdiff%3Bh=d636e515453320c6e122c313c661a8ac7d387c7f
https://www.haproxy.org/
https://www.haproxy.org/download/3.1/src/CHANGELOG
https://www.mail-archive.com/haproxy%40formilux.org/msg45280.html
https://www.mail-archive.com/haproxy%40formilux.org/msg45281.html
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-8418
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A flaw was found in Aardvark-dns versions 1.12.0 and 1.12.1. They contain a denial of service vulnerability due to serial processing of TCP DNS queries. This flaw allows a malicious client to keep a TCP connection open indefinitely, causing other DNS queries to time out and resulting in a denial of service for all other containers using aardvark-dns.
References: https://access.redhat.com/security/cve/CVE-2024-8418
https://bugzilla.redhat.com/show_bug.cgi?id=2309683
https://github.com/containers/aardvark-dns/issues/500
https://github.com/containers/aardvark-dns/pull/503
CWE-ID: CWE-400
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-43402
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 1.4
Impact Score: 6.0
Description: Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods (which are ignored and stripped by Windows). To determine whether to apply the `cmd.exe` escaping rules, the original fix for the vulnerability checked whether the command name ended with `.bat` or `.cmd`. At the time that seemed enough, as we refuse to invoke batch scripts with no file extension. Windows removes trailing whitespace and periods when parsing file paths. For example, `.bat. .` is interpreted by Windows as `.bat`, but the original fix didn't check for that. Affected users who are using Rust 1.77.2 or greater can remove the trailing whitespace (ASCII 0x20) and trailing periods (ASCII 0x2E) from the batch file name to bypass the incomplete fix and enable the mitigations. Users are affected if their code or one of their dependencies invokes a batch script on Windows with trailing whitespace or trailing periods in the name, and passes untrusted arguments to it. Rust 1.81.0 will update the standard library to apply the CVE-2024-24576 mitigations to all batch file invocations, regardless of the trailing chars in the file name.
References: https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html
https://github.com/rust-lang/rust/security/advisories/GHSA-2xg3-7mm6-98jj
https://learn.microsoft.com/en-us/troubleshoot/windows-client/shell-experience/file-folder-name-whitespace-characters
CWE-ID: CWE-78 CWE-88
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-43405
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 1.0
Impact Score: 5.8
Description: Nuclei is a vulnerability scanner powered by YAML based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow an attacker to bypass the signature check and possibly execute malicious code via custom code template. The vulnerability is present in the template signature verification process, specifically in the `signer` package. The vulnerability stems from a discrepancy between how the signature verification process and the YAML parser handle newline characters, combined with the way multiple signatures are processed. This allows an attacker to inject malicious content into a template while maintaining a valid signature for the benign part of the template. CLI users are affected if they execute custom code templates from unverified sources. This includes templates authored by third parties or obtained from unverified repositories. SDK Users are affected if they are developers integrating Nuclei into their platforms, particularly if they permit the execution of custom code templates by end-users. The vulnerability is addressed in Nuclei v3.3.2. Users are strongly recommended to update to this version to mitigate the security risk. As an interim measure, users should refrain from using custom templates if unable to upgrade immediately. Only trusted, verified templates should be executed. Those who are unable to upgrade Nuclei should disable running custom code templates as a workaround.
References: https://github.com/projectdiscovery/nuclei/commit/0da993afe6d41b4b1b814e8fad23a2acba13c60a
https://github.com/projectdiscovery/nuclei/security/advisories/GHSA-7h5p-mmpp-hgmm
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-44808
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via the user GET parameter.
References: https://github.com/Vypor/Vypors-Attack-API-System
https://jacobmasse.medium.com/cve-2024-44808-remote-command-execution-in-vypor-ddos-attack-api-1ed073725595
CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-44817
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: SQL Injection vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via the id parameter in the adv2.php component.
References: https://github.com/gkdgkd123/codeAudit/blob/main/CVE-2024-44817%20ZZCMS2023SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
23. CVE-2024-44859
Base Score: 8.0
Base Severity: HIGH
Exploitability Score: 2.1
Impact Score: 5.9
Description: Tenda FH1201 v1.2.0.14 has a stack buffer overflow vulnerability in `formWrlExtraGet`.
References: https://github.com/Ha0-Y/IoT/blob/main/tenda-F1201/WrlExtraGet.md
CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-45050
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 4.2
Description: Ringer server is the server code for the Ringer messaging app. Prior to version 1.3.1, there is an issue with the messages loading route where Ringer Server does not check to ensure that the user loading the conversation is actually a member of that conversation. This allows any user with a Lif Account to load any conversation between two users without permission. This issue has been patched in version 1.3.1. There is no action required for users. Lif Platforms will update their servers with the patch.
References: https://github.com/Lif-Platforms/New-Ringer-Server/commit/ae795ff47b2ac2656ac6a099a0e7954ca7d9ba53
https://github.com/Lif-Platforms/New-Ringer-Server/security/advisories/GHSA-cpc7-79cg-qv65
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-45053
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 2.3
Impact Score: 6.0
Description: Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Execution to privileged users. A privileged user refers to an Admin UI user with the default `Owner` or `Contributor` role, who can escalate their access and execute code on the underlying Fides Webserver container where the Jinja template rendering function is executed. The vulnerability has been patched in Fides version `2.44.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There are no workarounds.
References: https://github.com/ethyca/fides/commit/829cbd9cb5ef9c814fbac1ed6800e8d939d359c5
https://github.com/ethyca/fides/security/advisories/GHSA-c34r-238x-f7qx
CWE-ID: CWE-1336
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-45075
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication.
References: https://www.ibm.com/support/pages/node/7167245
CWE-ID: CWE-308
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-45076
Base Score: 9.9
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 6.0
Description: IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system.
References: https://www.ibm.com/support/pages/node/7167245
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
28. CVE-2024-20439
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential.
This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to log in to the affected system. A successful exploit could allow the attacker to log in to the affected system with administrative privileges over the API of the Cisco Smart Licensing Utility application.
References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw
CWE-ID: CWE-912
Common Platform Enumerations (CPE): Not Found
29. CVE-2024-20440
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information.
This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain log files that contain sensitive data, including credentials that can be used to access the API.
References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw
CWE-ID: CWE-532
Common Platform Enumerations (CPE): Not Found
30. CVE-2024-45170
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low privileged users can use administrative functions of the C-MOR web interface. It was found out that different functions are only available to administrative users. However, access to those functions is restricted via the web application user interface and not checked on the server side. Thus, by sending corresponding HTTP requests to the web server of the C-MOR web interface, low privileged users can also use administrative functionality, for instance downloading backup files or changing configuration settings.
References: https://www-syss-de.translate.goog/pentest-blog/mehrere-sicherheitsschwachstellen-in-videoueberwachungssoftware-c-mor-syss-2024-020-bis-030?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-024.txt
CWE-ID: CWE-284
Common Platform Enumerations (CPE): Not Found
31. CVE-2024-45174
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.2
Description: An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper validation of user-supplied data, different functionalities of the C-MOR web interface are vulnerable to SQL injection attacks. This kind of attack allows an authenticated user to execute arbitrary SQL commands in the context of the corresponding MySQL database.
References: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-023.txt
https://www.syss.de/pentest-blog/mehrere-sicherheitsschwachstellen-in-videoueberwachungssoftware-c-mor-syss-2024-020-bis-030
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
32. CVE-2024-2166
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Email Security (Real Time Monitor modules) allows Reflected XSS. This issue affects Email Security: before 8.5.5 HF003.
References: https://support.forcepoint.com/s/article/000042397
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found