CVE-2024-42598
https://notcve.org/view.php?id=CVE-2024-42598
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. • https://gitee.com/fushuling/cve/blob/master/SeaCMS%20V13%20admin_editplayer.php%20code%20injection.md https://gitee.com/fushuling/cve/blob/master/CVE-2024-42598.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-42563
https://notcve.org/view.php?id=CVE-2024-42563
An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file. • https://gist.github.com/topsky979/f645f99661ff33aed44d65dfa49e36fe • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-7305 – DWF Vulnerability in Autodesk Desktop Software
https://notcve.org/view.php?id=CVE-2024-7305
A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0014 • CWE-787: Out-of-bounds Write •
CVE-2024-7777 – Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) Arbitrary File Read And Deletion
https://notcve.org/view.php?id=CVE-2024-7777
This makes it possible for authenticated attackers, with Administrator-level access and above, to read and delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://plugins.trac.wordpress.org/browser/bit-form/tags/2.13.3/includes/Admin/AdminAjax.php#L829 https://plugins.trac.wordpress.org/browser/bit-form/tags/2.13.3/includes/Admin/AdminAjax.php#L852 https://plugins.trac.wordpress.org/browser/bit-form/tags/2.13.3/includes/Admin/AdminAjax.php#L875 https://plugins.trac.wordpress.org/browser/bit-form/tags/2.13.3/includes/Admin/AdminAjax.php#L898 https://www.wordfence.com/threat-intel/vulnerabilities/id/4deb128d-0163-4a8e-9591-87352f74c3ef?source& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-7782 – Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.4 - Authenticater (Administrator+) Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-7782
This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://plugins.trac.wordpress.org/browser/bit-form/tags/2.13.0/includes/Admin/AdminAjax.php#L1271 https://www.wordfence.com/threat-intel/vulnerabilities/id/d4da8ead-326f-4c93-b56d-8bfa643d7906?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •