CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31823
https://notcve.org/view.php?id=CVE-2024-31823
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the removeSecondaryImage method of the Publish.php component. Un problema en el commit Ecommerce-CodeIgniter-Bootstrap v. d22b54e8915f167a135046ceb857caaf8479c4da permite a un atacante remoto ejecutar código arbitrario a través del método removeSecondaryImage del componente Publish.php. • https://gist.github.com/LioTree/4989e0f20b6a885604dd3178fa4b66b5 https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/d22b54e8915f167a135046ceb857caaf8479c4da https://liotree.github.io/2023/Ecommerce-CodeIgniter-Bootstrap.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-33445
https://notcve.org/view.php?id=CVE-2024-33445
An issue in hisiphp v2.0.111 allows a remote attacker to execute arbitrary code via a crafted script to the SystemPlugins::mkInfo parameter in the SystemPlugins.php component. Un problema en hisiphp v2.0.111 permite a un atacante remoto ejecutar código arbitrario a través de un script manipulado en el parámetro SystemPlugins::mkInfo en el componente SystemPlugins.php. • https://gist.github.com/LioTree/04a4ece38df53af4027d52b2aeb7aff6 https://github.com/hisiphp/hisiphp/issues/11 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31822
https://notcve.org/view.php?id=CVE-2024-31822
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the saveLanguageFiles method of the Languages.php component. Un problema en el commit Ecommerce-CodeIgniter-Bootstrap v. d22b54e8915f167a135046ceb857caaf8479c4da permite a un atacante remoto ejecutar código arbitrario a través del método saveLanguageFiles del componente Languages.php. • https://gist.github.com/LioTree/f83e25b2c5e144c0b3ad8919e6483c7a https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/d22b54e8915f167a135046ceb857caaf8479c4da https://liotree.github.io/2023/Ecommerce-CodeIgniter-Bootstrap.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-32491
https://notcve.org/view.php?id=CVE-2024-32491
An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file (via a manipulated AJAX Request) to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available through the web server. Se descubrió un problema en Znuny y Znuny LTS 6.0.31 a 6.5.7 y Znuny 7.0.1 a 7.0.16 donde un usuario que inició sesión puede cargar un archivo (a través de una solicitud AJAX manipulada) a una ubicación de escritura arbitraria atravesando rutas. Se puede ejecutar código arbitrario si esta ubicación está disponible públicamente a través del servidor web. • https://www.znuny.org/en/advisories/zsa-2024-01 https://znuny.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-32492
https://notcve.org/view.php?id=CVE-2024-32492
An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript. Se descubrió un problema en Znuny 7.0.1 a 7.0.16 donde la vista de detalles del ticket en el frente del cliente permite la ejecución de JavaScript externo. • https://www.znuny.org/en/advisories/zsa-2024-02 https://znuny.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •