CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40552
https://notcve.org/view.php?id=CVE-2024-40552
12 Jul 2024 — PublicCMS v4.0.202302.e was discovered to contain a remote commande execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptComponent.java. • https://gitee.com/sanluan/PublicCMS/issues/IAAMMU •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40518
https://notcve.org/view.php?id=CVE-2024-40518
12 Jul 2024 — SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions. • https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_weixin.php%20code%20injection.md • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40520
https://notcve.org/view.php?id=CVE-2024-40520
12 Jul 2024 — SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_config_mark.php directly splicing and writing the user input data into inc_photowatermark_config.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions. • https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_config_mark.php%20code%20injection.md • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40551
https://notcve.org/view.php?id=CVE-2024-40551
12 Jul 2024 — An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. • https://gitee.com/sanluan/PublicCMS/issues/IAAM5W • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40549
https://notcve.org/view.php?id=CVE-2024-40549
12 Jul 2024 — An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. • https://gitee.com/sanluan/PublicCMS/issues/IAALNE • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40550
https://notcve.org/view.php?id=CVE-2024-40550
12 Jul 2024 — An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of Public CMS v.4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. • https://gitee.com/sanluan/PublicCMS/issues/IAALWJ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2602
https://notcve.org/view.php?id=CVE-2024-2602
11 Jul 2024 — CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file that has been tampered by a malicious actor. CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file that has ... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-191-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-191-03.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38717 – WordPress Booking Ultra Pro Appointments Booking Calendar plugin <= 1.1.13 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-38717
11 Jul 2024 — This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/booking-ultra-pro/wordpress-booking-ultra-pro-appointments-booking-calendar-plugin-1-1-13-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38709 – WordPress GD Rating System plugin <= 3.6 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-38709
11 Jul 2024 — This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/gd-rating-system/wordpress-gd-rating-system-plugin-3-6-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38735 – WordPress Event post plugin <= 5.9.5 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-38735
11 Jul 2024 — This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/event-post/wordpress-event-post-plugin-5-9-5-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •