CVE-2024-34919
https://notcve.org/view.php?id=CVE-2024-34919
An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading a crafted file. • https://github.com/CveSecLook/cve/issues/20 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2024-22120 – Time Based SQL Injection in Zabbix Server Audit Log
https://notcve.org/view.php?id=CVE-2024-22120
Zabbix server can perform command execution for configured scripts. ... Because the "clientip" field is not sanitized, it is possible to inject SQL into "clientip" and exploit a time-based blind SQL injection. • https://github.com/W01fh4cker/CVE-2024-22120-RCE https://github.com/g4nkd/CVE-2024-22120-RCE-with-gopher https://github.com/isPique/CVE-2024-22120-RCE-with-gopher https://support.zabbix.com/browse/ZBX-24505 • CWE-20: Improper Input Validation •
CVE-2024-4620 – ArForms < 6.6 - Unauthenticated RCE
https://notcve.org/view.php?id=CVE-2024-4620
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form. ... This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible. • https://wpscan.com/vulnerability/dc34dc2d-d5a1-4e28-8507-33f659ead647 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-51636 – Avira Prime Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-51636
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avira Spotlight Service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-24-469 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2023-51637 – Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-51637
Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server PG. ... An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. • https://www.zerodayinitiative.com/advisories/ZDI-24-468 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •