CVSS: 8.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-48709 – iTop vulnerable to potential formula injection in Excel/CSV export file
https://notcve.org/view.php?id=CVE-2023-48709
As Excel 2016 does **not** prevent Remote Code Execution by default, uninformed users may become victims. • https://github.com/Combodo/iTop/commit/083a0b79bfa2c106735b5c10eddb35a05ec7f04a https://github.com/Combodo/iTop/commit/b10bcb976dfe8e55aa0f659bfbcdd18334a1b17c https://github.com/Combodo/iTop/security/advisories/GHSA-9q3x-9987-53x9 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31705 – GLPI 10.x.x Remote Command Execution
https://notcve.org/view.php?id=CVE-2024-31705
An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary code via the insufficient validation of user-supplied input. ... GLPI versions 10.x.x suffers from a remote command execution vulnerability via the shell commands plugin. • https://github.com/V3locidad/GLPI_POC_Plugins_Shell https://seclists.org/fulldisclosure/2024/Apr/23 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3788 – Improper Neutralization of Server-Side Includes (SSI) vulnerability in WBSAirback
https://notcve.org/view.php?id=CVE-2024-3788
Exploitation of this vulnerability could allow a remote user to execute arbitrary code. • https://github.com/7Ragnarok7/CVE-2024-37888 https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3787 – Improper Neutralization of Server-Side Includes (SSI) vulnerability in WBSAirback
https://notcve.org/view.php?id=CVE-2024-3787
Exploitation of this vulnerability could allow a remote user to execute arbitrary code. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3786 – Improper Neutralization of Server-Side Includes (SSI) vulnerability in WBSAirback
https://notcve.org/view.php?id=CVE-2024-3786
Exploitation of this vulnerability could allow a remote user to execute arbitrary code. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions • CWE-94: Improper Control of Generation of Code ('Code Injection') •