CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-42599
https://notcve.org/view.php?id=CVE-2024-42599
SeaCMS 13.0 has a remote code execution vulnerability. • https://gitee.com/fushuling/cve/blob/master/CVE-2024-42599.md https://gitee.com/fushuling/cve/blob/master/SeaCMS%20V13%20admin_files.php%20code%20injection.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-42767
https://notcve.org/view.php?id=CVE-2024-42767
Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php. • https://cwe.mitre.org/data/definitions/434.html https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Unrestricted%20File%20Upload.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-42770
https://notcve.org/view.php?id=CVE-2024-42770
A Stored Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "user_email" parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Stored%20XSS%20-%20Sign%20UP.pdf https://www.kashipara.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-30372 – Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30372
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8480 – Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-8480
This makes it possible for authenticated attackers, with Contributor-level access and above, to exploit the 'sirv_upload_file_by_chunks_callback' function, which lacks proper file type validation, allowing attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/sirv/tags/7.2.7/sirv.php#L6331 https://plugins.trac.wordpress.org/browser/sirv/trunk/sirv.php?rev=3103410#L4647 https://plugins.trac.wordpress.org/changeset/3115018 https://www.wordfence.com/threat-intel/vulnerabilities/id/1e3e628f-b5e7-40fd-9d34-4a3b23e1e0e7?source=cve • CWE-862: Missing Authorization •