CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-28560
https://notcve.org/view.php?id=CVE-2024-28560
SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea() function of the Address.php component. • https://chiggerlor.substack.com/p/cve-2024-28560-cve-2024-28559 https://gitee.com/niushop-team/niushop_b2c_v5 https://v5.niuteam.cn https://www.niushop.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-41099
https://notcve.org/view.php?id=CVE-2023-41099
In the Windows installer in Atos Eviden CardOS API before 5.5.5.2811, Local Privilege Escalation can occur. • https://support.bull.com/ols/product/security/psirt/security-bulletins/cardos-api-local-privilege-escalation-psirt-358-tlp-clear-version-2-6-cve-2023-41099/view • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-28395
https://notcve.org/view.php?id=CVE-2024-28395
SQL injection vulnerability in Best-Kit bestkit_popup v.1.7.2 and before allows a remote attacker to escalate privileges via the bestkit_popup.php component. • https://addons.prestashop.com/en/pop-up/20208-pop-up-schedule-popup-splash-window.html https://security.friendsofpresta.org/modules/2024/03/14/bestkit_popup.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-28392
https://notcve.org/view.php?id=CVE-2024-28392
SQL injection vulnerability in pscartabandonmentpro v.2.0.11 and before allows a remote attacker to escalate privileges via the pscartabandonmentproFrontCAPUnsubscribeJobModuleFrontController::setEmailVisualized() method. • https://addons.prestashop.com/en/remarketing-shopping-cart-abandonment/16535-abandoned-cart-reminder-pro.html https://security.friendsofpresta.org/modules/2024/03/14/pscartabandonmentpro.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-48902 – Tramyardg Autoexpress 1.3.0 Authentication Bypass
https://notcve.org/view.php?id=CVE-2023-48902
An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php. • https://packetstormsecurity.com/files/177661/Tramyardg-Autoexpress-1.3.0-Authentication-Bypass.html • CWE-269: Improper Privilege Management •