
CVSS: 8.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads, unauthorized access to sensitive files, and, under certain conditions, remote code execution (RCE) via Server-Side Template Injection (SSTI) payloads. • https://github.com/craftcms/cms/security/advisories/GHSA-jrh5-vhr9-qh7q • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

Prior to 4.12.2 and 5.4.3, Craft is missing a normalizePath call in FileHelper::absolutePath, which could lead to remote code execution on the server via Twig SSTI. • https://github.com/craftcms/cms/commit/123e48a696de1e2f63ab519d4730eb3b87beaa58 https://github.com/craftcms/cms/security/advisories/GHSA-f3cw-hg6r-chfv • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
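Both Craft entries above come down to the same defect: a path helper that joins a base directory and a caller-controlled path without normalizing `..` segments, so the result can land outside the intended file system root (for example in the templates directory, where a Twig payload is then rendered). The following is an added example, not Craft's code; the function names `normalizePath`, `absolutePathUnsafe` and `absolutePathSafe` and the sample paths are assumptions for illustration only.

```php
<?php
// Added example, not Craft CMS code. Illustrates why a path helper that
// does not normalize ".." segments lets a caller escape the intended base.

declare(strict_types=1);

/**
 * Lexically normalize a path: collapse "." and ".." segments and repeated
 * slashes without touching the filesystem. realpath() is deliberately not
 * used because it fails for paths that do not exist yet, which is the
 * normal case for an upload destination.
 */
function normalizePath(string $path): string
{
    $path = str_replace('\\', '/', $path);
    $absolute = str_starts_with($path, '/');
    $out = [];
    foreach (explode('/', $path) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;
        }
        if ($segment === '..') {
            // Pop the previous segment if there is one. On an absolute path a
            // surplus ".." is dropped: nothing sits above "/".
            if ($out !== [] && end($out) !== '..') {
                array_pop($out);
            } elseif (!$absolute) {
                $out[] = '..';
            }
            continue;
        }
        $out[] = $segment;
    }
    return ($absolute ? '/' : '') . implode('/', $out);
}

/** Vulnerable shape: joins without normalizing, so "../" walks out of $base. */
function absolutePathUnsafe(string $base, string $relative): string
{
    return rtrim($base, '/') . '/' . ltrim($relative, '/');
}

/**
 * Hardened shape: normalize the joined path, then verify it still sits
 * under the normalized base. Returns null when the result would escape.
 */
function absolutePathSafe(string $base, string $relative): ?string
{
    $base = normalizePath($base);
    $joined = normalizePath($base . '/' . $relative);
    if ($joined !== $base && !str_starts_with($joined, $base . '/')) {
        return null;
    }
    return $joined;
}

// Constructed inputs (assumed, not from any advisory): a legitimate
// subfolder and two traversal attempts, one aimed at a templates directory.
$base = '/var/www/storage/uploads';
foreach (['images/2024', '../../templates', 'a/../../../etc'] as $input) {
    printf("%-18s unsafe=%s\n", $input, absolutePathUnsafe($base, $input));
    printf("%-18s safe=%s\n", $input, absolutePathSafe($base, $input) ?? 'REJECTED');
}
```

The unsafe join returns `/var/www/storage/uploads/../../templates` for the second input, which the kernel resolves to `/var/www/templates`; the safe variant rejects it because the normalized result no longer has the base as a prefix. Lexical normalization does not see through symlinks, so where the base directory may contain links, an additional `realpath()` check on the final target (once it exists) is still warranted.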

CVSS: 5.3 • EPSS: 0% • CPEs: - • EXPL: 1

A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The manipulation leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/sanluan/PublicCMS/commit/b9530b9cc1f5cfdad4b637874f59029a6283a65c https://gitee.com/sanluan/PublicCMS/issues/IB2BUV https://vuldb.com/?ctiid.284351 https://vuldb.com/?id.284351 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

In Laravel Backpack FileManager prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. • https://github.com/Laravel-Backpack/FileManager/commit/2830498b85e05fb3c92179053b4d7c4a0fdb880b https://github.com/Laravel-Backpack/FileManager/security/advisories/GHSA-8237-957h-h2c2 • CWE-502: Deserialization of Untrusted Data

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

An authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.4, versions 7.0.0 through 7.0.12, and versions 6.4.0 through 6.4.10 allows a low-privileged attacker to execute arbitrary code with high privilege via spoofed named pipe messages. • https://fortiguard.fortinet.com/psirt/FG-IR-24-199 • CWE-288: Authentication Bypass Using an Alternate Path or Channel