CVE-2023-3656 – Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-3656
cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network. • https://doi.org/10.35011/ww2q-d522 https://www.cashit.at • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-749: Exposed Dangerous Method or Function •
CVE-2023-45053 – WordPress WP Content Pilot plugin <= 1.3.3 - HTML Injection vulnerability
https://notcve.org/view.php?id=CVE-2023-45053
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in pluginever WP Content Pilot – Autoblogging & Affiliate Marketing Plugin allows Code Injection. This issue affects WP Content Pilot – Autoblogging & Affiliate Marketing Plugin: from n/a through 1.3.3. The WP Content Pilot plugin for WordPress is vulnerable to Arbitrary Content Injection in versions up to, and including, 1.3.3. This vulnerability makes it possible for authenticated attackers with contributor access or higher to inject new content onto the website, possibly through the manipulation of posts to create new web pages, spam, or phishing. • https://patchstack.com/database/vulnerability/wp-content-pilot/wordpress-wp-content-pilot-autoblogging-affiliate-marketing-plugin-plugin-1-3-3-html-injection-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2023-44011
https://notcve.org/view.php?id=CVE-2023-44011
An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component. • https://github.com/Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures/tree/main/2023/CVE-2023-44011 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-43835
https://notcve.org/view.php?id=CVE-2023-43835
Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content. • https://packetstormsecurity.com/files/174756/Super-Store-Finder-3.7-Remote-Command-Execution.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2023-5201 – OpenHook <= 4.3.0 - Authenticated (Subscriber+) Remote Code Execution via Shortcode
https://notcve.org/view.php?id=CVE-2023-5201
The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above to execute code on the server. This requires the [php] shortcode setting to be enabled on the vulnerable site. • https://plugins.trac.wordpress.org/browser/thesis-openhook/tags/4.3.0/inc/shortcodes.php#L28 https://plugins.trac.wordpress.org/browser/thesis-openhook/tags/4.3.1/inc/shortcodes.php?rev=2972840#L24 https://www.wordfence.com/threat-intel/vulnerabilities/id/37b9ed0e-5af2-47c1-b2da-8d103e4c31bf?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •