CVSS: -EPSS: %CPEs: -EXPL: 0CVE-2024-06070 – Checkmk Agent 2.0.0 / 2.1.0 / 2.2.0 Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-06070
Checkmk Agent versions 2.0.0, 2.1.0, and 2.2.0 suffer from a local privilege escalation vulnerability. •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-28391
https://notcve.org/view.php?id=CVE-2024-28391
SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote attacker to escalate privileges and obtain information via the readCsv(), displayAjaxProductChangeAttr, displayAjaxProductAddToCart, getSearchProducts, and displayAjaxProductSku methods. • https://security.friendsofpresta.org/modules/2024/03/12/quickproducttable.html • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-28388
https://notcve.org/view.php?id=CVE-2024-28388
SQL injection vulnerability in SunnyToo stproductcomments module for PrestaShop v.1.0.5 and before, allows a remote attacker to escalate privileges and obtain sensitive information via the StProductCommentClass::getListcomments method. • https://security.friendsofpresta.org/modules/2024/03/12/stproductcomments.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1991 – RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.0.0 - Authenticated (Subscriber+) Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-1991
This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator El complemento RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login para WordPress es vulnerable a una escalada de privilegios debido a una falta de verificación de capacidad en la función update_users_role() en todas las versiones hasta la 5.3.0.0 incluida. • https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/trunk//services/class_rm_user_services.php#L1205 https://plugins.trac.wordpress.org/changeset/3049490/custom-registration-form-builder-with-submission-manager#file24 https://www.wordfence.com/threat-intel/vulnerabilities/id/766e3966-157a-4db3-9179-813032343f76?source=cve • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-28390
https://notcve.org/view.php?id=CVE-2024-28390
An issue in Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01, allows a remote attacker to escalate privileges and obtain sensitive information via Improper Access Control. • https://security.friendsofpresta.org/modules/2024/03/12/ultimateimagetool.html • CWE-284: Improper Access Control •