CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

12 Jul 2024 — An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. • https://gitee.com/sanluan/PublicCMS/issues/IAAM5W • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

12 Jul 2024 — An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. • https://gitee.com/sanluan/PublicCMS/issues/IAALNE • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

12 Jul 2024 — An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. • https://gitee.com/sanluan/PublicCMS/issues/IAALWJ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

12 Jul 2024 — An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. • https://gitee.com/sanluan/PublicCMS/issues/IAAIZD • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

12 Jul 2024 — SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admin_template.php imposes certain restrictions on the edited file, attackers can still bypass the restrictions and write code in some way, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. • https://gitee.com/fushuling/cve/blob/master/%20SeaCMS%2012.9%20admin_template.php%20%20code%20injection.md

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Jul 2024 — StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows remote authenticated users to achieve Command Injection via a Ping URL, leading to remote code execution. • https://stonefly.com/security-advisories/cve-2024-30213 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

12 Jul 2024 — An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. • https://gitee.com/sanluan/PublicCMS/issues/IAAKYP • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

12 Jul 2024 — There is a remote code execution vulnerability in SeaCMS 12.9. ... An authenticated attacker can exploit this vulnerability to execute arbitrary commands and obtain system permissions. • https://gitee.com/fushuling/cve/blob/master/%20SeaCMS%2012.9%20phomebak.php%20code%20injection.md • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

12 Jul 2024 — Sourcecodester Poultry Farm Management System v1.0 contains an Unauthenticated Remote Code Execution (RCE) vulnerability via the productimage parameter at /farm/product.php. • https://github.com/w3bn00b3r/Unauthenticated-Remote-Code-Execution-RCE---Poultry-Farm-Management-System-v1.0 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

12 Jul 2024 — SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions. • https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_smtp.php%20code%20injection.md