CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22132 – Code Injection vulnerability in SAP IDES Systems
https://notcve.org/view.php?id=CVE-2024-22132
SAP IDES ECC-systems contain code that permits the execution of arbitrary program code of user's choice.An attacker can therefore control the behaviour of the system by executing malicious code which can potentially escalate privileges with low impact on confidentiality, integrity and availability of the system. • https://me.sap.com/notes/3421659 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24828 – Local Privilege Escalation in execuatables bundled by pkg
https://notcve.org/view.php?id=CVE-2024-24828
On unix systems, this is `/tmp/pkg/*` which is a shared directory for all users on the same local system. ... An attacker who has access to the same local system has the ability to replace the genuine executables in the shared directory with malicious executables of the same name. ... En sistemas Unix, este es `/tmp/pkg/*` que es un directorio compartido para todos los usuarios en el mismo sistema local. ... Un atacante que tiene acceso al mismo sistema local tiene la capacidad de reemplazar los ejecutables genuinos en el directorio compartido con ejecutables maliciosos del mismo nombre. • https://github.com/vercel/pkg/security/advisories/GHSA-22r3-9w55-cj54 https://nodejs.org/api/single-executable-applications.html • CWE-276: Incorrect Default Permissions •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46350
https://notcve.org/view.php?id=CVE-2023-46350
SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier alphabetical search" (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before, allows remote attackers to escalate privileges and obtain sensitive information via the methods IdxrmanufacturerFunctions::getCornersLink, IdxrmanufacturerFunctions::getManufacturersLike and IdxrmanufacturerFunctions::getSuppliersLike. • https://security.friendsofpresta.org/modules/2024/02/08/idxrmanufacturer.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24308
https://notcve.org/view.php?id=CVE-2024-24308
SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php. • https://security.friendsofpresta.org/modules/2024/02/08/boostmyshopagent.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50026
https://notcve.org/view.php?id=CVE-2023-50026
SQL injection vulnerability in Presta Monster "Multi Accessories Pro" (hsmultiaccessoriespro) module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain sensitive information via the method HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts(). • https://security.friendsofpresta.org/modules/2024/02/08/hsmultiaccessoriespro.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •