CVE-2023-46816
https://notcve.org/view.php?id=CVE-2023-46816
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server-Side Template Injection (SSTI) vulnerability has been identified in the GetControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. An attacker with regular user privileges can exploit this. • https://support.sugarcrm.com/resources/security/sugarcrm-sa-2023-010 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-46509
https://notcve.org/view.php?id=CVE-2023-46509
An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component. • https://gist.github.com/ATonysan/d6f72e9eb90407d64bed4566aa80afb1#file-cve-2023-46509 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-5623 – Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-5623
NNM failed to properly set ACLs on its installation directory, which could allow a low-privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location. • https://www.tenable.com/security/tns-2023-34 • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-276: Incorrect Default Permissions
CVE-2023-43352
https://notcve.org/view.php?id=CVE-2023-43352
An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component. • https://github.com/sromanhu/CVE-2023-43352-CMSmadesimple-SSTI--Content • https://github.com/sromanhu/CMSmadesimple-SSTI--Content • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-39726
https://notcve.org/view.php?id=CVE-2023-39726
An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal. • https://dgl.cx/2023/09/ansi-terminal-security#mintty-osc50 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')