CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-50498 – WordPress WP Query Console plugin <= 1.0 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-50498
The WP Query Console plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0. • https://github.com/RandomRobbieBF/CVE-2024-50498 https://patchstack.com/database/vulnerability/wp-query-console/wordpress-wp-query-console-plugin-1-0-remote-code-execution-rce-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48204
https://notcve.org/view.php?id=CVE-2024-48204
SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote attacker to execute arbitrary code via a crafted script. • https://gist.github.com/NasYangh/161618e4552ca40ad1ac25b4d673bfcf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48579
https://notcve.org/view.php?id=CVE-2024-48579
SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a remote attacker to execute arbitrary code via the username parameter of the login request. • https://github.com/baineoli/CVE/blob/main/2024/house%20rental%20management%20system%20-%20SQL%20Injection%20%28Admin%20Login%29.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48580
https://notcve.org/view.php?id=CVE-2024-48580
SQL Injection vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the email parameter of the login request. • https://github.com/baineoli/CVE/blob/main/2024/courier%20management%20system%20-%20SQL%20Injection%20%28Admin%20Login%29.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48581
https://notcve.org/view.php?id=CVE-2024-48581
File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the admin_class.php component. • https://github.com/baineoli/CVE/blob/main/2024/courier%20management%20system%20-%20Unrestricted%20File%20Upload%20to%20RCE%20%28Sign%20Up%29.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •