CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-42777
https://notcve.org/view.php?id=CVE-2024-42777
action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Unrestricted%20File%20Upload%20-%20SignUp.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-42778
https://notcve.org/view.php?id=CVE-2024-42778
This allows attackers to execute arbitrary code via uploading a crafted PHP file. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Unrestricted%20File%20Upload%20-%20Add%20New%20Playlist.pdf https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-42780
https://notcve.org/view.php?id=CVE-2024-42780
This allows attackers to execute arbitrary code via uploading a crafted PHP file. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Unrestricted%20File%20Upload%20-%20Add%20New%20Genre.pdf https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-42779
https://notcve.org/view.php?id=CVE-2024-42779
This allows attackers to execute arbitrary code via uploading a crafted PHP file. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Unrestricted%20File%20Upload%20-%20Add%20New%20Music%20List.pdf https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42362 – GHSL-2023-255: HertzBeat Authenticated (user role) RCE via unsafe deserialization in /api/monitors/import
https://notcve.org/view.php?id=CVE-2024-42362
Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in /api/monitors/import. • https://securitylab.github.com/advisories/GHSL-2023-254_GHSL-2023-256_HertzBeat https://github.com/apache/hertzbeat/pull/1611 https://github.com/apache/hertzbeat/pull/1620 https://github.com/apache/hertzbeat/pull/1620/files#diff-9c5fb3d1b7e3b0f54bc5c4182965c4fe1f9023d449017cece3005d3f90e8e4d8 https://github.com/apache/hertzbeat/commit/79f5408e345e8e89da97be05f43e3204a950ddfb https://github.com/apache/hertzbeat/commit/9dbbfb7812fc4440ba72bdee66799edd519d06bb • CWE-502: Deserialization of Untrusted Data •