Internet Storm Center Spotlight


ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Scans/Exploit Attempts for Atlassian Confluence RCE Vulnerability CVE-2023-22527

Published: 2024-01-22

Last Updated: 2024-01-22 15:20:40 UTC

by Johannes Ullrich (Version: 1)

Last week (January 16th), Atlassian released its January 2024 Security Bulletin. Included with the bulletin was a patch for CVE-2023-22527, a remote code execution vulnerability in Confluence Data Center and Confluence Server. Atlassian assigned a CVSS score of 10.0 to the vulnerability. Exploitation does not require authentication.

The update fixed a template injection vulnerability. Similar vulnerabilities have been patched in Atlassian products in the past. Confluence, like most (all?) Atlassian products, is written in Java. Java frameworks, Struts in particular, use OGNL (Object-Graph Navigation Language) to access and manipulate Java objects. An attacker able to inject an arbitrary OGNL expression can execute Java code.

Yesterday, more details regarding the vulnerability were released, including proof of concept code. The proof of concept code was created by reversing the patch Atlassian had released. The blog post highlighted how the URL can be used to execute arbitrary code.

Following the release of this blog post, we saw an increase in exploit attempts in our honeypots. For example...

Read the full entry: https://isc.sans.edu/diary/ScansExploit+Attempts+for+Atlassian+Confluence+RCE+Vulnerability+CVE202322527/30576/

Update on Atlassian Exploit Activity

Published: 2024-01-23

Last Updated: 2024-01-23 16:06:49 UTC

by Johannes Ullrich (Version: 1)

Exploit activity against Atlassian Confluence servers has exploded since we first discussed it yesterday. The combination of a simple-to-exploit vulnerability and a potential set of high-value targets makes this an ideal vulnerability for many attackers.

It is questionable how many high-value targets are vulnerable. Most organizations have migrated to the Atlassian cloud offerings and do not host tools like Confluence on premises.

One of the first IPs we saw exploit the vulnerability was 38.150.12.131. This IP address started with a simple "cat /etc/shadow" style exploit, likely testing exploitability.

Read the full entry: https://isc.sans.edu/diary/Update+on+Atlassian+Exploit+Activity/30582/

More Scans for Ivanti Connect "Secure" VPN. Exploits Public

Published: 2024-01-18

Last Updated: 2024-01-18 13:54:31 UTC

by Johannes Ullrich (Version: 1)

Exploits around the Ivanti Connect "Secure" VPN appliance, taking advantage of CVE-2023-46805, continue evolving. Late on Tuesday, more details became public, particularly the blog post by Rapid7 explaining the underlying vulnerability in depth [1]. Rapid7 also does a good job walking you through how Ivanti obfuscates the LUKS key in its appliance. This will make it easier for security researchers to inspect the code, hopefully pointing out additional vulnerabilities to Ivanti in the future. In other words, get ready for more Ivanti exploits, and hopefully patches, this year.

Currently, we do see two specific URLs in our honeypots that match Rapid7's analysis...

Read the full entry: https://isc.sans.edu/diary/More+Scans+for+Ivanti+Connect+Secure+VPN+Exploits+Public/30568/

Internet Storm Center Entries


How Bad User Interfaces Make Security Tools Harmful (2024.01.24)

https://isc.sans.edu/diary/How+Bad+User+Interfaces+Make+Security+Tools+Harmful/30586/

Apple Updates Everything - New 0 Day in WebKit (2024.01.22)

https://isc.sans.edu/diary/Apple+Updates+Everything+New+0+Day+in+WebKit/30578/

macOS Python Script Replacing Wallet Applications with Rogue Apps (2024.01.19)

https://isc.sans.edu/diary/macOS+Python+Script+Replacing+Wallet+Applications+with+Rogue+Apps/30572/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.



CVE-2023-22527 - Confluence Data Center and Server versions prior to the most recent supported versions are susceptible to template injection vulnerability, enabling unauthenticated attackers to achieve remote code execution.

Product: Atlassian Confluence Data Center and Server

CVSS Score: 0

** KEV since 2024-01-24 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-22527

ISC Diary: https://isc.sans.edu/diary/30576

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8812

NVD References: 

- https://confluence.atlassian.com/pages/viewpage.action?pageId=1333335615

- https://jira.atlassian.com/browse/CONFSERVER-93833



CVE-2024-0204 - Fortra's GoAnywhere MFT prior to 7.4.1 allows unauthorized creation of an admin user via the administration portal, bypassing authentication.

Product: Fortra GoAnywhere MFT

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0204

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8822

NVD References: 

- https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml

- https://www.fortra.com/security/advisory/fi-2024-001



CVE-2023-42916 - Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing web content.

Product: Apple WebKit

CVSS Score: 6.5

** KEV since 2023-12-04 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42916

NVD References:

- https://support.apple.com/en-us/HT214031

- https://support.apple.com/en-us/HT214032

- https://support.apple.com/en-us/HT214033



CVE-2023-42917 - Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing web content.

Product: Apple WebKit

CVSS Score:

** KEV since 2023-12-04 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-42917

NVD References:

- https://support.apple.com/en-us/HT214031

- https://support.apple.com/en-us/HT214032

- https://support.apple.com/en-us/HT214033



CVE-2024-23222 - tvOS, iOS, iPadOS, macOS Sonoma, iOS, Safari, macOS Ventura, macOS Monterey are vulnerable to a type confusion issue that allows arbitrary code execution via processing maliciously crafted web content, with Apple acknowledging the possibility of exploitation.

Product: Apple tvOS, iOS, iPadOS, macOS Sonoma, iOS, Safari, macOS Ventura, macOS Monterey

CVSS Score: 0

** KEV since 2024-01-23 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23222

ISC Diary: https://isc.sans.edu/diary/30578

NVD References: https://support.apple.com/en-us/HT201222




CVE-2023-38545 - An out-of-bounds write vulnerability makes cURL overflow a heap based buffer in the SOCKS5 proxy handshake.

Product: cURL

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-38545

NVD References: https://www.secpod.com/blog/high-severity-heap-buffer-overflow-vulnerability/



CVE-2024-0519 - Chromium: CVE-2024-0519 Out of bounds memory access in V8

Product: Google Chrome

CVSS Score: 0

** KEV since 2024-01-17 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0519

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0519

NVD References: 

- https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html

- https://crbug.com/1517354

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/



CVE-2023-6549 - Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service

Product: Citrix NetScaler ADC and NetScaler Gateway 

CVSS Score: 8.2

** KEV since 2024-01-17 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6549

NVD References: https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549



CVE-2023-6548 - Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.

Product: NetScaler ADC and NetScaler Gateway 

CVSS Score: 5.5

** KEV since 2024-01-17 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-6548

NVD References: https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549



CVE-2023-46805 - Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allows an attacker to access restricted resources by bypassing control checks. This vulnerability can be leveraged in conjunction with CVE-2024-21887, a command injection vulnerability.

Product: Ivanti Connect Secure and Policy Secure

CVSS Score: 8.2

** KEV since 2024-01-10 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46805

ISC Diary: https://isc.sans.edu/diary/More+Scans+for+Ivanti+Connect+Secure+VPN+Exploits+Public/30568/

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8816

NVD References: https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US



CVE-2024-21887 - Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This vulnerability can be leveraged in conjunction with CVE-2023-46805, an authentication bypass issue.

Product: Ivanti Connect Secure and Policy Secure

CVSS Score: 9.1

** KEV since 2024-01-10 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21887

NVD References: https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US



CVE-2023-35082 - Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application.

Product: Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core

CVSS Score: 9.8

** KEV since 2024-01-18 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-35082

ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8816

NVD References: https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US



CVE-2023-51714 - An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.

Product: Qt HTTP2

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51714

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-51714



CVE-2024-0057 - .NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability

Product: Microsoft .NET Framework

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0057

MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057



CVE-2023-52101 - Component exposure vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect service availability and integrity.

Product: Huawei EMUI

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52101

NVD References: 

- https://consumer.huawei.com/en/support/bulletin/2024/1/

- https://device.harmonyos.com/en/docs/security/update/security-bulletins-202401-0000001799925977



CVE-2023-52103 - Buffer overflow vulnerability in the FLP module. Successful exploitation of this vulnerability may cause out-of-bounds read.

Product: Huawei EMUI

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52103

NVD References: 

- https://consumer.huawei.com/en/support/bulletin/2024/1/

- https://device.harmonyos.com/en/docs/security/update/security-bulletins-202401-0000001799925977



CVE-2023-52106 - The DownloadProviderMain module has a vulnerability in API permission verification. Successful exploitation of this vulnerability may affect integrity and availability.

Product: Huawei HarmonyOS

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52106

NVD References: 

- https://consumer.huawei.com/en/support/bulletin/2024/1/

- https://device.harmonyos.com/en/docs/security/update/security-bulletins-202401-0000001799925977



CVE-2024-0570 - Totolink N350RT 9.3.5u.6265: Improper access controls in the Setting Handler component (/cgi-bin/cstecgi.cgi) allow remote attackers to initiate attacks, necessitating an upgrade to the affected component (VDB-250786).

Product: Totolink N350RT

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0570

NVD References: 

- https://drive.google.com/file/d/1xmGHvjMTaOn7v6buju5Ifuti3q47G7yF/view?usp=sharing

- https://vuldb.com/?ctiid.250786

- https://vuldb.com/?id.250786



CVE-2024-0571 - Totolink LR1200GB 9.1.0u.6619_B20230130 is vulnerable to a critical remote stack-based buffer overflow in the function setSmsCfg of the file /cgi-bin/cstecgi.cgi, allowing for potential exploitation by an attacker, with the associated identifier VDB-250787.

Product: Totolink LR1200GB

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0571

NVD References: 

- https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/1/README.md

- https://vuldb.com/?ctiid.250787

- https://vuldb.com/?id.250787



CVE-2024-0572 - Totolink LR1200GB 9.1.0u.6619_B20230130 is affected by a critical vulnerability in the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi, leading to a remote stack-based buffer overflow via manipulation of the argument pppoeUser (VDB-250788).

Product: Totolink LR1200GB

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0572

NVD References: 

- https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/2/README.md

- https://vuldb.com/?ctiid.250788

- https://vuldb.com/?id.250788



CVE-2024-0573 - Totolink LR1200GB 9.1.0u.6619_B20230130 is vulnerable to a critical stack-based buffer overflow in the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi, allowing for remote code execution.

Product: Totolink LR1200GB

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0573

NVD References: 

- https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/3/README.md

- https://vuldb.com/?ctiid.250789

- https://vuldb.com/?id.250789



CVE-2024-0574 - The Totolink LR1200GB 9.1.0u.6619_B20230130 is vulnerable to a critical stack-based buffer overflow in the function setParentalRules of the file /cgi-bin/cstecgi.cgi via the manipulation of the sTime argument, allowing for remote attackers to launch an exploit that has been publicly disclosed and is applicable, as identified by VDB-250790.

Product: Totolink LR1200GB

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0574

NVD References: 

- https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/4/README.md

- https://vuldb.com/?ctiid.250790

- https://vuldb.com/?id.250790



CVE-2024-0575 - The Totolink LR1200GB 9.1.0u.6619_B20230130 is vulnerable to a critical stack-based buffer overflow via remote attack.

Product: Totolink LR1200GB

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0575

NVD References: 

- https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/5/README.md

- https://vuldb.com/?ctiid.250791

- https://vuldb.com/?id.250791



CVE-2022-1609 - The School Management WordPress plugin before 9.9.7 allows unauthenticated attackers to execute arbitrary PHP code via an obfuscated backdoor.

Product: Weblizar School Management

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-1609

NVD References: https://wpscan.com/vulnerability/e2d546c9-85b6-47a4-b951-781b9ae5d0f2/



CVE-2023-0224 - The GiveWP WordPress plugin before 2.24.1 allows unauthenticated attackers to perform SQL Injection attacks due to improper user input sanitization.

Product: GiveWP 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-0224

NVD References: 

- https://givewp.com/core-2-24-0-vulnerability-patched/

- https://wpscan.com/vulnerability/d8da539d-0a1b-46ef-b48d-710c59cf68e1/



CVE-2023-37522 - HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower allows execution of malicious scripts through insecure tags.

Product: HCL BigFix Bare OSD Metal Server WebUI

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37522

NVD References: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109754



CVE-2023-3211 - The WordPress Database Administrator WordPress plugin through 1.0.3 allows for SQL injection due to inadequate sanitization of user inputs in an AJAX action available to unauthenticated users.

Product: WordPress Database Administrator WordPress plugin

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3211

NVD References: https://wpscan.com/vulnerability/873824f0-e8b1-45bd-8579-bc3c649a54e5/



CVE-2024-0576 - Totolink LR1200GB 9.1.0u.6619_B20230130 is prone to a critical stack-based buffer overflow vulnerability in the setIpPortFilterRules function of /cgi-bin/cstecgi.cgi, allowing remote attackers to initiate an attack by manipulating the sPort argument, with the exploit already disclosed publicly as VDB-250792 and the vendor not responding to the disclosure.

Product: Totolink LR1200GB

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0576

NVD References: 

- https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/6/README.md

- https://vuldb.com/?ctiid.250792

- https://vuldb.com/?id.250792



CVE-2024-0577 - Totolink LR1200GB 9.1.0u.6619_B20230130 is susceptible to a critical stack-based buffer overflow vulnerability (CVE-2021-0001).

Product: Totolink LR1200GB

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0577

NVD References: 

- https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/7/README.md

- https://vuldb.com/?ctiid.250793

- https://vuldb.com/?id.250793



CVE-2024-0578 - Totolink LR1200GB 9.1.0u.6619_B20230130 is vulnerable to a critical stack-based buffer overflow in the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi, allowing remote attackers to launch an exploit; disclosed with identifier VDB-250794.

Product: Totolink LR1200GB

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0578

NVD References: 

- https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/8/README.md

- https://vuldb.com/?ctiid.250794

- https://vuldb.com/?id.250794



CVE-2024-0579 - The Totolink X2000R 1.0.0-B20221212.1452 is vulnerable to command injection through the manipulation of the macstr argument, allowing remote attackers to launch attacks, as identified by VDB-250795.

Product: Totolink X2000R

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0579

NVD References: 

- https://github.com/jylsec/vuldb/blob/main/TOTOLINK/X2000R/1/README.md

- https://vuldb.com/?ctiid.250795

- https://vuldb.com/?id.250795



CVE-2023-37523 - HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower lacks secure tags, enabling an attacker to execute a malicious script on the user's browser.

Product: HCL BigFix Bare OSD Metal Server WebUI

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37523

NVD References: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109754



CVE-2023-52041 - The Totolink X6000R V9.4.0cu.852_B20230719 allows arbitrary code execution through the sub_410118 function of the shttpd program.

Product: Totolink X6000R

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52041

NVD References: https://kee02p.github.io/2024/01/13/CVE-2023-52041/



CVE-2024-0200 - GitHub Enterprise Server was vulnerable to an unsafe reflection bug, enabling reflection injection and allowing user-controlled methods execution and remote code execution if an actor with the organization owner role was logged into an account on the GHES instance.

Product: GitHub Enterprise Server

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0200

NVD References: 

- https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5

- https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3

- https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13

- https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8



CVE-2023-39691 - An issue discovered in kodbox through 1.43 allows attackers to arbitrarily add Administrator accounts via crafted GET request.

Product: Kodcloud Kodbox

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-39691

NVD References: https://blog.mo60.cn/index.php/archives/kodbox_Logical.html



CVE-2023-52042 - An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter.

Product: Totolink X6000R

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52042

NVD References: https://kee02p.github.io/2024/01/13/CVE-2023-52042/



CVE-2024-0603 - ZhiCms up to 4.0 allows remote attackers to initiate a critical deserialization attack via the mylike argument in app/plug/controller/giftcontroller.php.

Product: ZhiCms 

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0603

NVD References: 

- https://note.zhaoj.in/share/n3QsNbORUR0e

- https://vuldb.com/?ctiid.250839

- https://vuldb.com/?id.250839



CVE-2024-22406 - Shopware's 'name' field in the "aggregations" object is vulnerable to SQL injection and can be exploited using time-based SQL queries, requiring users to update to version 6.5.7.4 or install corresponding security measures.

Product: Shopware

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22406

NVD References: https://github.com/shopware/shopware/security/advisories/GHSA-qmp9-2xwj-m6m9



CVE-2021-4434 - The Social Warfare plugin for WordPress up to version 3.5.2 is vulnerable to Remote Code Execution through the 'swp_url' parameter, enabling server code execution by malicious actors.

Product: Social Warfare plugin for WordPress

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-4434

NVD References: 

- https://packetstormsecurity.com/files/163680/WordPress-Social-Warfare-3.5.2-Remote-Code-Execution.html

- https://www.wordfence.com/threat-intel/vulnerabilities/id/98cf2a10-cc53-4479-87d1-71489f6a8c51?source=cve



CVE-2024-0642 - C21 Live Encoder and Live Mosaic product (version 5.3) allows remote attackers to access the application as an administrator user due to inadequate access control and poor credential management.

Product: C21 Live Encoder and Live Mosaic

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0642

NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products



CVE-2024-0643 - The C21 Live Encoder and Live Mosaic product, version 5.3, allows remote attackers to fully compromise the system through unrestricted uploading of dangerous file types.

Product: C21 Live Encoder and Live Mosaic

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0643

NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products



CVE-2024-22416 - pyLoad, a free and open-source Download Manager written in pure Python, is vulnerable to Cross-Site Request Forgery (CSRF) attacks allowing unauthenticated users to make any API call via a CSRF attack, which has been fixed in release 0.5.0b3.dev78 and users are recommended to upgrade.

Product: pyLoad Download Manager

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22416

NVD References: 

- https://github.com/pyload/pyload/commit/1374c824271cb7e927740664d06d2e577624ca3e

- https://github.com/pyload/pyload/commit/c7cdc18ad9134a75222974b39e8b427c4af845fc

- https://github.com/pyload/pyload/security/advisories/GHSA-pgpj-v85q-h5fm



CVE-2023-5806 - Mergen Software Quality Management System before v1.2 allows SQL Injection.

Product: Mergen Quality Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5806

NVD References: https://www.usom.gov.tr/bildirim/tr-24-0040



CVE-2024-22317 - IBM App Connect Enterprise versions 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 have a vulnerability that allows remote attackers to obtain sensitive information or cause a denial of service.

Product: IBM App Connect Enterprise

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22317

NVD References: 

- https://exchange.xforce.ibmcloud.com/vulnerabilities/279143

- https://www.ibm.com/support/pages/node/7108661



CVE-2023-40051 - Progress Application Server (PAS) for OpenEdge versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0 allows unintended file uploads through a crafted request, potentially leading to a larger scale attack.

Product: Progress Application Server

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-40051

NVD References: 

- https://community.progress.com/s/article/Important-Progress-OpenEdge-Critical-Alert-for-Progress-Application-Server-in-OpenEdge-PASOE-Arbitrary-File-Upload-Vulnerability-in-WEB-Transport

- https://www.progress.com/openedge



CVE-2024-22212 - Nextcloud Global Site Selector allows unauthorized user authentication due to a flaw in its password verification method, potentially granting attackers access as other users, and can only be mitigated through upgrading to versions 1.4.1, 2.1.2, 2.3.4, or 2.4.5.

Product: Nextcloud Global Site Selector

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22212

NVD References: 

- https://github.com/nextcloud/globalsiteselector/commit/ab5da57190d5bbc79079ce4109b6bcccccd893ee

- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vj5q-f63m-wp77

- https://hackerone.com/reports/2248689



CVE-2023-5716 - ASUS Armoury Crate allows remote attackers to access or modify arbitrary files through specific HTTP requests without permission.

Product: ASUS Armoury Crate

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5716

NVD References: https://www.twcert.org.tw/tw/cp-132-7666-fffce-1.html



CVE-2024-0705 - The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection.

Product: WordPress Stripe Payment Plugin for WooCommerce

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0705

NVD References: 

- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2954934%40payment-gateway-stripe-and-woocommerce-integration&new=2954934%40payment-gateway-stripe-and-woocommerce-integration&sfp_email=&sfph_mail=

- https://www.wordfence.com/threat-intel/vulnerabilities/id/2652a7fc-b610-40f1-8b76-2129f59390ec?source=cve



CVE-2023-49657 - Apache Superset before 3.0.3 is vulnerable to stored cross-site scripting (XSS) attacks.

Product: Apache Superset

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-49657

NVD References: 

- http://www.openwall.com/lists/oss-security/2024/01/23/5

- https://lists.apache.org/thread/wjyvz8om9nwd396lh0bt156mtwjxpsvx



CVE-2024-22203 - Whoogle Search prior to 0.8.4 allows server-side request forgery due to unvalidated user-controlled variables, leading to unauthorized access to internal and external resources on behalf of the server.

Product: Whoogle Search app/routes.py

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22203

NVD References: 

- https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/request.py#L339-L343

- https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L465-L490

- https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L466

- https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L476

- https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L479

- https://github.com/benbusby/whoogle-search/commit/3a2e0b262e4a076a20416b45e6b6f23fd265aeda

- https://securitylab.github.com/advisories/GHSL-2023-186_GHSL-2023-189_benbusby_whoogle-search/



CVE-2024-22205 - Whoogle Search versions 0.8.3 and prior allow for server-side request forgery due to unsanitized user input in the `window` endpoint, allowing unauthorized access to internal and external resources, fixed in version 0.8.4.

Product: Whoogle Search

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22205

NVD References: 

- https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/request.py#L339-L343

- https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L479

- https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L496-L557

- https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L497

- https://github.com/benbusby/whoogle-search/commit/3a2e0b262e4a076a20416b45e6b6f23fd265aeda

- https://securitylab.github.com/advisories/GHSL-2023-186_GHSL-2023-189_benbusby_whoogle-search/



CVE-2024-23636 - SOFARPC, a Java RPC framework, allows an attack through a gadget chain that overcomes its blacklist mechanism, posing a security risk prior to version 5.12.0.

Product: SOFARPC Java RPC framework

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23636

NVD References: 

- https://github.com/sofastack/sofa-rpc/commit/42d19b1b1d14a25aafd9ef7c219c04a19f90fc76

- https://github.com/sofastack/sofa-rpc/security/advisories/GHSA-7q8p-9953-pxvr



CVE-2018-15133 - Laravel Deserialization of Untrusted Data Vulnerability

Product: Laravel

CVSS Score: 0

** KEV since 2024-01-16 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2018-15133