CVE-2024-44411
https://notcve.org/view.php?id=CVE-2024-44411
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function. • https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DI-8300A1/CVE-2024-44411 https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DI-8300A1/DI-8300A1-2.md https://www.dlink.com/en/security-bulletin • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-44724
https://notcve.org/view.php?id=CVE-2024-44724
AutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsite_url parameter at /admin/site_add.php. • https://github.com/Hebing123/cve/issues/68 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-44410
https://notcve.org/view.php?id=CVE-2024-44410
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function. • https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DI-8300A1/CVE-2024-44410 https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DI-8300A1/DI-8300A1.md https://www.dlink.com/en/security-bulletin • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-39715
https://notcve.org/view.php?id=CVE-2024-39715
A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server. • https://www.veeam.com/kb4649 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-38651
https://notcve.org/view.php?id=CVE-2024-38651
A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server. • https://www.veeam.com/kb4649 • CWE-94: Improper Control of Generation of Code ('Code Injection') •