CVSS: 7.8 | EPSS: 0% | CPEs: - | EXPL: 1

An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place.
• References:
  https://github.com/xF-9979/CVE-2024-24520
  http://lepton.com
  https://github.com/capture0x/leptoncms
  https://github.com/xF9979/LEPTON-CMS
  https://packetstormsecurity.com/files/176647/Lepton-CMS-7.0.0-Remote-Code-Execution.html
  https://www.exploit-db.com/exploits/51949
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: - | EXPL: 1

Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin.
• References:
  https://github.com/EQSTLab/CVE-2024-25291
  https://github.com/ji-zzang/EQST-PoC/tree/main/2024/RCE/CVE-2024-25291
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: - | EXPL: 0

An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 allows a remote attacker to execute arbitrary code via the infoid parameter of the URL.
• References:
  https://l3v3lforall.github.io/EpointWebBuilder_v5.x_VULN
• CWE-94: Improper Control of Generation of Code ('Code Injection')
• CWE-233: Improper Handling of Parameters

CVSS: 9.8 | EPSS: 0% | CPEs: - | EXPL: 0

An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. NOTE: this is disputed because the behavior of the /pdf endpoint is intentional. The /pdf endpoint is only available after installing a test framework (that lives outside of the pdfmake application). Anyone installing this is responsible for ensuring that it is only available to authorized testers.
• References:
  https://github.com/bpampuch/pdfmake/issues/2702
  https://github.com/joaoviictorti/My-CVES/blob/main/CVE-2024-25180/README.md
  https://security.snyk.io/vuln/SNYK-JS-PDFMAKE-6347243
  https://www.youtube.com/watch?v=QcOlrWUGo6o
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: - | EXPL: 0

SQL Injection vulnerability in /zms/admin/edit-ticket.php in PHPGurukul Zoo Management System 1.0 via tickettype and tprice parameters.
• References:
  https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/ZooManagementSystem-SQL_Injection_Edit_Ticket.md
• CWE-94: Improper Control of Generation of Code ('Code Injection')