CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3810 – Salient Shortcodes <= 1.5.3 - Authenticated (Contributor+) Local File Inclusion via Shortcode
https://notcve.org/view.php?id=CVE-2024-3810
This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. • https://themeforest.net/item/salient-responsive-multipurpose-theme/4363266 https://www.wordfence.com/threat-intel/vulnerabilities/id/d1b3d4d5-9d2b-4924-a830-27c07fa1ba98?source=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-30988
https://notcve.org/view.php?id=CVE-2024-30988
Cross Site Scripting vulnerability in /search-invoices.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via the Search bar. • https://medium.com/%40shanunirwan/cve-2024-30988-cross-site-scripting-vulnerability-in-client-management-system-using-php-mysql-1-1-e7a677936c23 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-30986
https://notcve.org/view.php?id=CVE-2024-30986
Cross Site Scripting vulnerability in /edit-services-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and via "price" and "sname" parameter. • https://medium.com/%40shanunirwan/cve-2024-30986-multiple-stored-cross-site-scripting-vulnerabilities-in-client-management-system-3fb702d9d510 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-30979
https://notcve.org/view.php?id=CVE-2024-30979
Cross Site Scripting vulnerability in Cyber Cafe Management System 1.0 allows a remote attacker to execute arbitrary code via the compname parameter in edit-computer-details.php. • https://medium.com/%40shanunirwan/cve-2024-30979-stored-cross-site-scripting-xss-in-cyber-cafe-management-system-project-ccms-1-44b10f50817b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-30987
https://notcve.org/view.php?id=CVE-2024-30987
Cross Site Scripting vulnerability in /bwdates-reports-ds.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via the fromdate and todate parameters. • https://medium.com/%40shanunirwan/cve-2024-30987-multiple-stored-cross-site-scripting-vulnerabilities-in-client-management-system-b6a7a177d254 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •