CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6823 – Media Library Assistant <= 3.18 - Authenticated (Author+) Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX Action
https://notcve.org/view.php?id=CVE-2024-6823
This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/media-library-assistant/trunk/includes/class-mla-settings.php#L32 https://plugins.trac.wordpress.org/changeset/3133909 https://wordpress.org/plugins/media-library-assistant/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/9a446fe7-c97a-436e-b494-b924e6518297?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42489 – Pro Macros Remote Code Execution via Viewpdf and similar macros
https://notcve.org/view.php?id=CVE-2024-42489
Missing escaping in the Viewpdf macro allows any user with view right on the `CKEditor.HTMLConverter` page or edit or comment right on any page to perform remote code execution. • https://github.com/xwikisas/xwiki-pro-macros/blob/main/xwiki-pro-macros-ui/src/main/resources/Confluence/Macros/Viewpdf.xml#L265-L267 https://github.com/xwikisas/xwiki-pro-macros/commit/199553c84901999481a20614f093af2d57970eba https://github.com/xwikisas/xwiki-pro-macros/security/advisories/GHSA-cfq3-q227-7j65 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-6917 – RCE in Veribilim Software's Veribase Order Management
https://notcve.org/view.php?id=CVE-2024-6917
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection.This issue affects Veribase Order Management: before v4.010.2. • https://www.usom.gov.tr/bildirim/tr-24-1105 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38530 – Open eClass Platform allows Arbitrary File Upload in "modules/h5p/save.php"
https://notcve.org/view.php?id=CVE-2024-38530
This may lead in unrestricted RCE on the backend server, since the upload location is accessible from the internet. • https://github.com/gunet/openeclass/commit/4449cf8bed40fd8fc4b267a5726fab9f9fe5a191 https://github.com/gunet/openeclass/security/advisories/GHSA-88c3-hp7p-grgg • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7094 – JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.6 - Unauthenticated PHP Code Injection to Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-7094
The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the 'storeTheme' function. ... The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the 'storeTheme' function. • https://github.com/nastar-id/CVE-2024-7094 https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.5/includes/css/style.php https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.5/includes/formhandler.php https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.5/modules/themes/controller.php https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.5/modules/themes/model.php https://plugins.trac.wordpress.org/browser/js-s • CWE-94: Improper Control of Generation of Code ('Code Injection') •