CVE-2024-51568
https://notcve.org/view.php?id=CVE-2024-51568
There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters. • https://cwe.mitre.org/data/definitions/78.html https://cyberpanel.net/KnowledgeBase/home/change-logs https://cyberpanel.net/blog/cyberpanel-v2-3-5 https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-8512 – W3SPEEDSTER <= 7.26 - Authenticated (Administrator+) Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-8512
The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStartOptimization() function. ... This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server. • https://plugins.trac.wordpress.org/browser/w3speedster-wp/trunk/w3speedster.php#L740 https://plugins.trac.wordpress.org/changeset/3175640 https://www.wordfence.com/threat-intel/vulnerabilities/id/2a56eb63-ba5c-4452-8ab9-f5aeaf53adda?source=cve • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVE-2024-51075
https://notcve.org/view.php?id=CVE-2024-51075
A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/user-search.php in PHPGurukul Online DJ Booking Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata parameter. • https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/Online%20DJ%20Booking/DJ%20online%20Cross%20Site%20Scripting%20%20u.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-51076
https://notcve.org/view.php?id=CVE-2024-51076
A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/booking-search.php in PHPGurukul Online DJ Booking Management System 1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter. • https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/Online%20DJ%20Booking/Reflected%20Cross%20Site%20Scripting%20b.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-51180
https://notcve.org/view.php?id=CVE-2024-51180
A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/index.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via the "searchifsccode" parameter. • https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/IFSC%20Code%20Finder/IFSC%20Code%20Finder%20do.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •