
CVE-2024-48235
https://notcve.org/view.php?id=CVE-2024-48235
25 Oct 2024 — An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file. • https://gitee.com/oufu/ofcms/issues/IASIES • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-37847
https://notcve.org/view.php?id=CVE-2024-37847
25 Oct 2024 — An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows attackers to execute arbitrary code via a crafted file. • https://github.com/herombey/Disclosures/blob/main/CVE-2024-37847%20File%20Upload%20Path%20Traversal.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-48581
https://notcve.org/view.php?id=CVE-2024-48581
25 Oct 2024 — File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the admin_class.php component. • https://github.com/baineoli/CVE/blob/main/2024/courier%20management%20system%20-%20Unrestricted%20File%20Upload%20to%20RCE%20%28Sign%20Up%29.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-50484 – WordPress Multi Purpose Mail Form plugin <= 1.0.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50484
25 Oct 2024 — The Multi Purpose Mail Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/multi-purpose-mail-form/wordpress-multi-purpose-mail-form-plugin-1-0-2-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-50493 – WordPress Automatic Translation plugin <= 1.0.4 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50493
25 Oct 2024 — The Automatic Translation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/automatic-translation/wordpress-automatic-translation-plugin-1-0-4-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-48204
https://notcve.org/view.php?id=CVE-2024-48204
25 Oct 2024 — SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote attacker to execute arbitrary code via a crafted script. • https://gist.github.com/NasYangh/161618e4552ca40ad1ac25b4d673bfcf • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-37846
https://notcve.org/view.php?id=CVE-2024-37846
25 Oct 2024 — MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page. • https://github.com/herombey/Disclosures/blob/main/CVE-2024-37846-CSTI.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-48700
https://notcve.org/view.php?id=CVE-2024-48700
25 Oct 2024 — Kliqqi-CMS has a background arbitrary code execution vulnerability that attackers can exploit to implant backdoors or getShell via the edit_page.php component. • https://github.com/ChangeYourWay/post/blob/main/CVE-2024-48700 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-50473 – WordPress Ajar in5 Embed plugin <= 3.1.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50473
25 Oct 2024 — The Ajar in5 Embed plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 3.1.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/ajar-productions-in5-embed/wordpress-ajar-in5-embed-plugin-3-1-3-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-48743
https://notcve.org/view.php?id=CVE-2024-48743
25 Oct 2024 — Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a remote attacker to execute arbitrary code via the z parameter. • https://gist.github.com/rvismit/538232c3f258e468195febb69f3f2d3b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •