CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5313 – phpkobo Ajax Poll Script ajax-poll.php improper enforcement of a single, unique action
https://notcve.org/view.php?id=CVE-2023-5313
A vulnerability classified as problematic was found in phpkobo Ajax Poll Script 3.18. Affected by this vulnerability is an unknown functionality of the file ajax-poll.php of the component Poll Handler. The manipulation leads to improper enforcement of a single, unique action. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/tht1997/WhiteBox/blob/main/PHPKOBO/ajax_pool_script.md https://vuldb.com/?ctiid.240949 https://vuldb.com/?id.240949 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-837: Improper Enforcement of a Single, Unique Action •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-41450
https://notcve.org/view.php?id=CVE-2023-41450
An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter. Un problema en phpkobo AjaxNewsTicker v.1.0.5 permite a un atacante remoto ejecutar código arbitrario a través de un payload manipulado para el parámetro reque. • http://ajaxnewsticker.com http://phpkobo.com https://gist.github.com/RNPG/e11af10e1bd3606de8b568033d932589 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-41446
https://notcve.org/view.php?id=CVE-2023-41446
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component. Vulnerabilidad de Cross-Site Scripting en phpkobo AjaxNewTicker v.1.0.5 permite a un atacante remoto ejecutar código arbitrario a través de un script manipulado para el parámetro de título en el componente index.php. • http://ajaxnewsticker.com http://phpkobo.com https://gist.github.com/RNPG/4bb91170f8ee50b395427f26bc96a1f2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-41447
https://notcve.org/view.php?id=CVE-2023-41447
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component. Vulnerabilidad de Cross-Site Scriptings en phpkobo AjaxNewTicker v.1.0.5 permite a un atacante remoto ejecutar código arbitrario a través de un payload manipulado en el parámetro subcmd en el componente index.php. • http://ajaxnewsticker.com http://phpkobo.com https://gist.github.com/RNPG/56b9fe4dcc3a248d4288bde5ffb3a5b3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-41453
https://notcve.org/view.php?id=CVE-2023-41453
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component. Vulnerabilidad de Cross Site Scripting en phpkobo AjaxNewTicker v.1.0.5 permite a un atacante remoto ejecutar código arbitrario a través de un payload manipulado en el parámetro cmd en el componente index.php. • http://ajaxnewsticker.com http://phpkobo.com https://gist.github.com/RNPG/be2ca92cb1f943d4c340c75fbfc9b783 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •