
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Enabling the Simple Ajax Uploader plugin included in the Laragon open-source software allows a remote code execution (RCE) attack via improper input validation in the file_upload.php file, which serves as an example. By default, Laragon is not vulnerable until a user decides to use the aforementioned plugin.

• https://cert.pl/en/posts/2024/02/CVE-2024-0864 https://cert.pl/posts/2024/02/CVE-2024-0864 https://laragon.org

• CWE-20: Improper Input Validation • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 1

SQL Injection vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the id parameter in the student_form.php and the class_form.php pages.

• https://github.com/geraldoalcantara/CVE-2023-51801

• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 1

An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place.

• https://github.com/xF-9979/CVE-2024-24520 http://lepton.com https://github.com/capture0x/leptoncms https://github.com/xF9979/LEPTON-CMS https://packetstormsecurity.com/files/176647/Lepton-CMS-7.0.0-Remote-Code-Execution.html https://www.exploit-db.com/exploits/51949

• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 1

Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin.

• https://github.com/EQSTLab/CVE-2024-25291 https://github.com/ji-zzang/EQST-PoC/tree/main/2024/RCE/CVE-2024-25291

• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 allows a remote attacker to execute arbitrary code via the infoid parameter of the URL.

• https://l3v3lforall.github.io/EpointWebBuilder_v5.x_VULN

• CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-233: Improper Handling of Parameters