In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between September 06-07, 2024.
During this period, The National Vulnerability Database published 76, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 6
High: 21
Medium: 24
Low: 3
Severity Not Assigned: 22
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-8247
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2. This is due to the plugin not restricting what user meta can be updated as screen options. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator. Please note that this only affects users with access to edit/update screen options, which means an administrator would need to grant lower privilege users with access to the Sent & Draft Emails page of the plugin in order for this to be exploited.
References: https://plugins.trac.wordpress.org/browser/newsletters-lite/tags/4.9.9.1/wp-mailinglist.php#L3279
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3146287%40newsletters-lite&new=3146287%40newsletters-lite&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/2577102f-6355-4483-bd3d-1948497cb843?source=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-8480
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to exploit the 'sirv_upload_file_by_chunks_callback' function, which lacks proper file type validation, allowing attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
References: https://plugins.trac.wordpress.org/browser/sirv/tags/7.2.7/sirv.php#L6331
https://plugins.trac.wordpress.org/browser/sirv/trunk/sirv.php?rev=3103410#L4647
https://plugins.trac.wordpress.org/changeset/3115018/
https://www.wordfence.com/threat-intel/vulnerabilities/id/1e3e628f-b5e7-40fd-9d34-4a3b23e1e0e7?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-38486
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
References: https://www.dell.com/support/kbdoc/en-us/000228355/dsa-2024-376-security-update-for-dell-networking-os10-vulnerability
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-39585
Base Score: 7.9
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 6.0
Description: Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Use of Hard-coded Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Client-side request forgery and Information disclosure.
References: https://www.dell.com/support/kbdoc/en-us/000228357/dsa-2024-377-security-update-for-dell-networking-os10-vulnerability
CWE-ID: CWE-259
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-7349
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to blind SQL Injection via the 'order' parameter in all versions up to, and including, 7.7.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/changeset/3139798/lifterlms/tags/7.7.6/includes/abstracts/abstract.llms.database.query.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/3a096506-b18e-419c-808b-6099baa628ce?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-8292
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to privilege escalation/account takeover in all versions up to, and including, 16.26.8. This is due to to plugin not properly verifying a user's identity during new order creation. This makes it possible for unauthenticated attackers to supply any email through the user_email field and update the password for that user during new order creation. This requires the commerce addon to be enabled in order to exploit.
References: https://plugins.trac.wordpress.org/browser/wp-recall/tags/16.26.8/add-on/commerce/classes/class-rcl-create-order.php#L127
https://plugins.trac.wordpress.org/browser/wp-recall/tags/16.26.8/add-on/commerce/functions-frontend.php#L113
https://plugins.trac.wordpress.org/browser/wp-recall/tags/16.26.8/rcl-functions.php#L1339
https://plugins.trac.wordpress.org/changeset/3145798/wp-recall/trunk/add-on/commerce/classes/class-rcl-create-order.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/8fa4b5df-dc71-49de-880b-895eb1d9cdca?source=cve
CWE-ID: CWE-639
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-44739
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Sourcecodester Simple Forum Website v1.0 has a SQL injection vulnerability in /php-sqlite-forum/?page=manage_user&id=.
References: https://github.com/zach341/Cve_report/blob/main/simple-forum-website/SQLi-1.md
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-45300
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of promo codes and use the discount coupon multiple times. In "alf.io", an event organizer can apply price discounts by using promo codes to your events. The organizer can limit the number of promo codes that will be used for this, but the time-gap between checking the number of codes and restricting the use of the codes allows a threat actor to bypass the promo code limit. Version 2.0-M5 fixes this issue.
References: https://github.com/alfio-event/alf.io/commit/53b3309e26e8acec6860d1e045df3046153a3245
https://github.com/alfio-event/alf.io/security/advisories/GHSA-67jg-m6f3-473g
CWE-ID: CWE-362
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-7493
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wp_insert_user() during registration. This makes it possible for unauthenticated attackers to update their role to that of an administrator during registration.
References: https://plugins.trac.wordpress.org/browser/wpcom-member/tags/1.5.2/includes/form-validation.php#L267
https://www.wordfence.com/threat-intel/vulnerabilities/id/ec7f3e0c-a07c-4082-9b6b-12d0fbe0fdc8?source=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-8428
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submit_form_handler due to missing validation on the 'user_id' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to change the email address of administrative user accounts which can then be leveraged to reset the administrative users password and gain access to their account.
References: https://plugins.trac.wordpress.org/browser/forumwp/trunk/includes/frontend/class-actions-listener.php#L179
https://www.wordfence.com/threat-intel/vulnerabilities/id/b5818587-0a52-4734-8f75-263b4ab5020e?source=cve
CWE-ID: CWE-639
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-44401
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file
References: https://github.com/lonelylonglong/openfile-/blob/main/D-link_DI_8100GA1_Command_Injection.md/CVE-2024-44401
https://github.com/lonelylonglong/openfile-/blob/main/D-link_DI_8100GA1_Command_Injection.md/D-link_DI_8100GA1_Command_Injection.md
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-44402
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm.
References: https://github.com/lonelylonglong/openfile-/blob/main/msp.md/CVE-2024-44402
https://github.com/lonelylonglong/openfile-/blob/main/msp.md/msp.md
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-44408
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows unauthorized configuration file downloads, and the downloaded configuration files contain plaintext user passwords.
References: https://github.com/lonelylonglong/openfile-/blob/main/DIR-823G.md/CVE-2024-44408
https://github.com/lonelylonglong/openfile-/blob/main/DIR-823G.md/DIR-823G.md
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-45294
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: The HL7 FHIR Core Artifacts repository provides the java core object handling code, with utilities (including validator), for the Fast Healthcare Interoperability Resources (FHIR) specification. Prior to version 6.3.23, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients can submit XML. This issue has been patched in release 6.3.23. No known workarounds are available.
References: https://github.com/HL7/fhir-ig-publisher/releases/tag/1.6.22
https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-59rq-22fm-x8q5
https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23
https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf
CWE-ID: CWE-611
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-45758
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document containing a connection_url property with any typical JDBC Connection URL attack payload such as one that uses queryInterceptors.
References: https://gist.github.com/AfterSnows/c24ca3c26dc89ab797e610e92a6a9acb
https://spear-shield.notion.site/Unauthenticated-Remote-Code-Execution-via-Unrestricted-JDBC-Connection-87a958a4874044199cbb86422d1f6068
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-8509
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A vulnerability was found in Forklift Controller. There is no verification against the authorization header except to ensure it uses bearer authentication. Without an Authorization header and some form of a Bearer token, a 401 error occurs. The presence of a token value provides a 200 response with the requested information.
References: https://access.redhat.com/security/cve/CVE-2024-8509
https://bugzilla.redhat.com/show_bug.cgi?id=2310406
CWE-ID: CWE-285
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-8517
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: SPIP before 4.3.2, 4.2.16, and
4.1.18 is vulnerable to a command injection issue. A
remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.
References: https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-2-SPIP-4-2-16-SPIP-4-1-18.html
https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_2_a_big_upload/
https://vulncheck.com/advisories/spip-upload-rce
CWE-ID: CWE-646
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-34974
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
QuTScloud, QVR, QES are not affected.
We have already fixed the vulnerability in the following versions:
QTS 4.5.4.2790 build 20240605 and later
QuTS hero h4.5.4.2626 build 20231225 and later
References: https://www.qnap.com/en/security-advisory/qsa-24-32
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
19. CVE-2023-39298
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform via unspecified vectors.
QuTScloud, is not affected.
We have already fixed the vulnerability in the following versions:
QTS 5.2.0.2737 build 20240417 and later
QuTS hero h5.2.0.2782 build 20240601 and later
References: https://www.qnap.com/en/security-advisory/qsa-24-28
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
20. CVE-2023-39300
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 4.3.6.2805 build 20240619 and later
QTS 4.3.4.2814 build 20240618 and later
QTS 4.3.3.2784 build 20240619 and later
QTS 4.2.6 build 20240618 and later
References: https://www.qnap.com/en/security-advisory/qsa-24-26
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
21. CVE-2023-47563
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 3.7
Description: An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following version:
Video Station 5.8.2 and later
References: https://www.qnap.com/en/security-advisory/qsa-24-24
CWE-ID: CWE-77 CWE-78
Common Platform Enumerations (CPE): Not Found
22. CVE-2023-50360
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
Video Station 5.8.1 ( 2024/02/26 ) and later
References: https://www.qnap.com/en/security-advisory/qsa-24-24
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
23. CVE-2023-51366
Base Score: 8.7
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.8
Description: A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
References: https://www.qnap.com/en/security-advisory/qsa-24-20
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-21897
Base Score: 8.9
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 6.0
Description: A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
References: https://www.qnap.com/en/security-advisory/qsa-24-20
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-21898
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
References: https://www.qnap.com/en/security-advisory/qsa-24-20
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-32762
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
QuLog Center 1.8.0.872 ( 2024/06/17 ) and later
QuLog Center 1.7.0.827 ( 2024/06/17 ) and later
References: https://www.qnap.com/en/security-advisory/qsa-24-30
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-7652
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1901411
https://github.com/tc39/ecma262/security/advisories/GHSA-g38c-wh3c-5h9r
https://www.mozilla.org/security/advisories/mfsa2024-29/
https://www.mozilla.org/security/advisories/mfsa2024-30/
https://www.mozilla.org/security/advisories/mfsa2024-31/
https://www.mozilla.org/security/advisories/mfsa2024-32/
CWE-ID: CWE-476 CWE-843
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between September 06-07, 2024.
During this period, The National Vulnerability Database published 76, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 6
High: 21
Medium: 24
Low: 3
Severity Not Assigned: 22
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-8247
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2. This is due to the plugin not restricting what user meta can be updated as screen options. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator. Please note that this only affects users with access to edit/update screen options, which means an administrator would need to grant lower privilege users with access to the Sent & Draft Emails page of the plugin in order for this to be exploited.
References: https://plugins.trac.wordpress.org/browser/newsletters-lite/tags/4.9.9.1/wp-mailinglist.php#L3279
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3146287%40newsletters-lite&new=3146287%40newsletters-lite&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/2577102f-6355-4483-bd3d-1948497cb843?source=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-8480
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to exploit the 'sirv_upload_file_by_chunks_callback' function, which lacks proper file type validation, allowing attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
References: https://plugins.trac.wordpress.org/browser/sirv/tags/7.2.7/sirv.php#L6331
https://plugins.trac.wordpress.org/browser/sirv/trunk/sirv.php?rev=3103410#L4647
https://plugins.trac.wordpress.org/changeset/3115018/
https://www.wordfence.com/threat-intel/vulnerabilities/id/1e3e628f-b5e7-40fd-9d34-4a3b23e1e0e7?source=cve
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-38486
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
References: https://www.dell.com/support/kbdoc/en-us/000228355/dsa-2024-376-security-update-for-dell-networking-os10-vulnerability
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-39585
Base Score: 7.9
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 6.0
Description: Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Use of Hard-coded Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Client-side request forgery and Information disclosure.
References: https://www.dell.com/support/kbdoc/en-us/000228357/dsa-2024-377-security-update-for-dell-networking-os10-vulnerability
CWE-ID: CWE-259
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-7349
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to blind SQL Injection via the 'order' parameter in all versions up to, and including, 7.7.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/changeset/3139798/lifterlms/tags/7.7.6/includes/abstracts/abstract.llms.database.query.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/3a096506-b18e-419c-808b-6099baa628ce?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-8292
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to privilege escalation/account takeover in all versions up to, and including, 16.26.8. This is due to to plugin not properly verifying a user's identity during new order creation. This makes it possible for unauthenticated attackers to supply any email through the user_email field and update the password for that user during new order creation. This requires the commerce addon to be enabled in order to exploit.
References: https://plugins.trac.wordpress.org/browser/wp-recall/tags/16.26.8/add-on/commerce/classes/class-rcl-create-order.php#L127
https://plugins.trac.wordpress.org/browser/wp-recall/tags/16.26.8/add-on/commerce/functions-frontend.php#L113
https://plugins.trac.wordpress.org/browser/wp-recall/tags/16.26.8/rcl-functions.php#L1339
https://plugins.trac.wordpress.org/changeset/3145798/wp-recall/trunk/add-on/commerce/classes/class-rcl-create-order.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/8fa4b5df-dc71-49de-880b-895eb1d9cdca?source=cve
CWE-ID: CWE-639
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-44739
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: Sourcecodester Simple Forum Website v1.0 has a SQL injection vulnerability in /php-sqlite-forum/?page=manage_user&id=.
References: https://github.com/zach341/Cve_report/blob/main/simple-forum-website/SQLi-1.md
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-45300
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of promo codes and use the discount coupon multiple times. In "alf.io", an event organizer can apply price discounts by using promo codes to your events. The organizer can limit the number of promo codes that will be used for this, but the time-gap between checking the number of codes and restricting the use of the codes allows a threat actor to bypass the promo code limit. Version 2.0-M5 fixes this issue.
References: https://github.com/alfio-event/alf.io/commit/53b3309e26e8acec6860d1e045df3046153a3245
https://github.com/alfio-event/alf.io/security/advisories/GHSA-67jg-m6f3-473g
CWE-ID: CWE-362
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-7493
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wp_insert_user() during registration. This makes it possible for unauthenticated attackers to update their role to that of an administrator during registration.
References: https://plugins.trac.wordpress.org/browser/wpcom-member/tags/1.5.2/includes/form-validation.php#L267
https://www.wordfence.com/threat-intel/vulnerabilities/id/ec7f3e0c-a07c-4082-9b6b-12d0fbe0fdc8?source=cve
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-8428
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submit_form_handler due to missing validation on the 'user_id' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to change the email address of administrative user accounts which can then be leveraged to reset the administrative users password and gain access to their account.
References: https://plugins.trac.wordpress.org/browser/forumwp/trunk/includes/frontend/class-actions-listener.php#L179
https://www.wordfence.com/threat-intel/vulnerabilities/id/b5818587-0a52-4734-8f75-263b4ab5020e?source=cve
CWE-ID: CWE-639
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-44401
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file
References: https://github.com/lonelylonglong/openfile-/blob/main/D-link_DI_8100GA1_Command_Injection.md/CVE-2024-44401
https://github.com/lonelylonglong/openfile-/blob/main/D-link_DI_8100GA1_Command_Injection.md/D-link_DI_8100GA1_Command_Injection.md
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
12. CVE-2024-44402
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm.
References: https://github.com/lonelylonglong/openfile-/blob/main/msp.md/CVE-2024-44402
https://github.com/lonelylonglong/openfile-/blob/main/msp.md/msp.md
CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found
13. CVE-2024-44408
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows unauthorized configuration file downloads, and the downloaded configuration files contain plaintext user passwords.
References: https://github.com/lonelylonglong/openfile-/blob/main/DIR-823G.md/CVE-2024-44408
https://github.com/lonelylonglong/openfile-/blob/main/DIR-823G.md/DIR-823G.md
CWE-ID: CWE-200
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-45294
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: The HL7 FHIR Core Artifacts repository provides the java core object handling code, with utilities (including validator), for the Fast Healthcare Interoperability Resources (FHIR) specification. Prior to version 6.3.23, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients can submit XML. This issue has been patched in release 6.3.23. No known workarounds are available.
References: https://github.com/HL7/fhir-ig-publisher/releases/tag/1.6.22
https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-59rq-22fm-x8q5
https://github.com/hapifhir/org.hl7.fhir.core/releases/tag/6.3.23
https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf
CWE-ID: CWE-611
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-45758
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document containing a connection_url property with any typical JDBC Connection URL attack payload such as one that uses queryInterceptors.
References: https://gist.github.com/AfterSnows/c24ca3c26dc89ab797e610e92a6a9acb
https://spear-shield.notion.site/Unauthenticated-Remote-Code-Execution-via-Unrestricted-JDBC-Connection-87a958a4874044199cbb86422d1f6068
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-8509
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: A vulnerability was found in Forklift Controller. There is no verification against the authorization header except to ensure it uses bearer authentication. Without an Authorization header and some form of a Bearer token, a 401 error occurs. The presence of a token value provides a 200 response with the requested information.
References: https://access.redhat.com/security/cve/CVE-2024-8509
https://bugzilla.redhat.com/show_bug.cgi?id=2310406
CWE-ID: CWE-285
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-8517
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: SPIP before 4.3.2, 4.2.16, and
4.1.18 is vulnerable to a command injection issue. A
remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.
References: https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-2-SPIP-4-2-16-SPIP-4-1-18.html
https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_2_a_big_upload/
https://vulncheck.com/advisories/spip-upload-rce
CWE-ID: CWE-646
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-34974
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
QuTScloud, QVR, QES are not affected.
We have already fixed the vulnerability in the following versions:
QTS 4.5.4.2790 build 20240605 and later
QuTS hero h4.5.4.2626 build 20231225 and later
References: https://www.qnap.com/en/security-advisory/qsa-24-32
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
19. CVE-2023-39298
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform via unspecified vectors.
QuTScloud, is not affected.
We have already fixed the vulnerability in the following versions:
QTS 5.2.0.2737 build 20240417 and later
QuTS hero h5.2.0.2782 build 20240601 and later
References: https://www.qnap.com/en/security-advisory/qsa-24-28
CWE-ID: CWE-862
Common Platform Enumerations (CPE): Not Found
20. CVE-2023-39300
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 4.3.6.2805 build 20240619 and later
QTS 4.3.4.2814 build 20240618 and later
QTS 4.3.3.2784 build 20240619 and later
QTS 4.2.6 build 20240618 and later
References: https://www.qnap.com/en/security-advisory/qsa-24-26
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
21. CVE-2023-47563
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 3.1
Impact Score: 3.7
Description: An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following version:
Video Station 5.8.2 and later
References: https://www.qnap.com/en/security-advisory/qsa-24-24
CWE-ID: CWE-77 CWE-78
Common Platform Enumerations (CPE): Not Found
22. CVE-2023-50360
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
Video Station 5.8.1 ( 2024/02/26 ) and later
References: https://www.qnap.com/en/security-advisory/qsa-24-24
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
23. CVE-2023-51366
Base Score: 8.7
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.8
Description: A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
References: https://www.qnap.com/en/security-advisory/qsa-24-20
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-21897
Base Score: 8.9
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 6.0
Description: A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
References: https://www.qnap.com/en/security-advisory/qsa-24-20
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-21898
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
References: https://www.qnap.com/en/security-advisory/qsa-24-20
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-32762
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
QuLog Center 1.8.0.872 ( 2024/06/17 ) and later
QuLog Center 1.7.0.827 ( 2024/06/17 ) and later
References: https://www.qnap.com/en/security-advisory/qsa-24-30
CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-7652
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=1901411
https://github.com/tc39/ecma262/security/advisories/GHSA-g38c-wh3c-5h9r
https://www.mozilla.org/security/advisories/mfsa2024-29/
https://www.mozilla.org/security/advisories/mfsa2024-30/
https://www.mozilla.org/security/advisories/mfsa2024-31/
https://www.mozilla.org/security/advisories/mfsa2024-32/
CWE-ID: CWE-476 CWE-843
Common Platform Enumerations (CPE): Not Found