CVE-2024-4346 – Startklar Elementor Addons <= 1.7.13 - Unauthenticated Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-4346
This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.
• https://plugins.trac.wordpress.org/browser/startklar-elmentor-forms-extwidgets/trunk/startklarDropZoneUploadProcess.php?rev=3061298#L7
• https://plugins.trac.wordpress.org/changeset/3081987/startklar-elmentor-forms-extwidgets
• https://www.wordfence.com/threat-intel/vulnerabilities/id/a125bbf1-8ff6-4f3d-a4fb-caaaefe1df2a?source=cve
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-4345 – Startklar Elementor Addons <= 1.7.13 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-4345
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
• https://plugins.trac.wordpress.org/browser/startklar-elmentor-forms-extwidgets/trunk/startklarDropZoneUploadProcess.php?rev=3061298#L7
• https://plugins.trac.wordpress.org/changeset/3081987/startklar-elmentor-forms-extwidgets
• https://www.wordfence.com/threat-intel/vulnerabilities/id/4221b33c-5cfa-48db-92bf-bf25ff3c5a5f?source=cve
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-33752
https://notcve.org/view.php?id=CVE-2024-33752
An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and pro 2.3.2 at admin/views/plugin.php. A remote attacker could exploit it by submitting a special request that uploads a malicious file, leading to arbitrary code execution.
• https://github.com/Myanemo/emlogpro/blob/main/emlog%20pro2.3.2%20File%20upload%20to%20getshell.md
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-34072 – Deserialization of Untrusted Data in sagemaker-python-sdk
https://notcve.org/view.php?id=CVE-2024-34072
This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both confidentiality and integrity.
• https://github.com/aws/sagemaker-python-sdk/pull/4557
• https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-wjvx-jhpj-r54r
• CWE-502: Deserialization of Untrusted Data
CVE-2024-34073 – Command Injection in sagemaker-python-sdk
https://notcve.org/view.php?id=CVE-2024-34073
This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both confidentiality and integrity.
• https://github.com/aws/sagemaker-python-sdk/commit/2d873d53f708ea570fc2e2a6974f8c3097fe9df5
• https://github.com/aws/sagemaker-python-sdk/pull/4556
• https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-7pc3-pr3q-58vg
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')