CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-33294
https://notcve.org/view.php?id=CVE-2024-33294
An issue in Library System using PHP/MySQli with Source Code V1.0 allows a remote attacker to execute arbitrary code via the _FAILE variable in the student_edit_photo.php component. Un problema en el sistema de librería que usa PHP/MySQli con Source Code V1.0 permite a un atacante remoto ejecutar código arbitrario a través de la variable _FAILE en el componente Student_edit_photo.php. • https://github.com/CveSecLook/cve/issues/16 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34411 – WordPress canvasio3D Light plugin <= 2.5.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-34411
This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/canvasio3d-light/wordpress-canvasio3d-light-plugin-2-5-0-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4346 – Startklar Elementor Addons <= 1.7.13 - Unauthenticated Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-4346
This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. • https://plugins.trac.wordpress.org/browser/startklar-elmentor-forms-extwidgets/trunk/startklarDropZoneUploadProcess.php?rev=3061298#L7 https://plugins.trac.wordpress.org/changeset/3081987/startklar-elmentor-forms-extwidgets https://www.wordfence.com/threat-intel/vulnerabilities/id/a125bbf1-8ff6-4f3d-a4fb-caaaefe1df2a?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4345 – Startklar Elementor Addons <= 1.7.13 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-4345
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/startklar-elmentor-forms-extwidgets/trunk/startklarDropZoneUploadProcess.php?rev=3061298#L7 https://plugins.trac.wordpress.org/changeset/3081987/startklar-elmentor-forms-extwidgets https://www.wordfence.com/threat-intel/vulnerabilities/id/4221b33c-5cfa-48db-92bf-bf25ff3c5a5f?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-33752
https://notcve.org/view.php?id=CVE-2024-33752
An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and pro 2.3.2 at admin/views/plugin.php that could be exploited by a remote attacker to submit a special request to upload a malicious file to execute arbitrary code. • https://github.com/Myanemo/emlogpro/blob/main/emlog%20pro2.3.2%20File%20upload%20to%20getshell.md • CWE-434: Unrestricted Upload of File with Dangerous Type •