CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48659
https://notcve.org/view.php?id=CVE-2024-48659
An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the log_u_umount.php component. • https://gist.github.com/CLan-nad/a879f7696a58656b384c46bf4ba74e80 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-30157
https://notcve.org/view.php?id=CVE-2024-30157
A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary database and management operations. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0004 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-30158
https://notcve.org/view.php?id=CVE-2024-30158
A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary database and management operations. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0004 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-41712
https://notcve.org/view.php?id=CVE-2024-41712
A successful exploit could allow an attacker to execute arbitrary commands on the system within the context of the user. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0022 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48509
https://notcve.org/view.php?id=CVE-2024-48509
Learning with Texts (LWT) 2.0.3 is vulnerable to SQL Injection. ... By exploiting this vulnerability, an attacker could gain unauthorized access to the database, retrieve sensitive information, modify or delete data, and execute arbitrary commands. • https://medium.com/%40ChadSecurity/the-cve-2024-48509-vulnerability-overview-df58a6be6864 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •