CVE-2024-10653 – CHANGING Information Technology IDExpert - OS Command Injection
https://notcve.org/view.php?id=CVE-2024-10653
IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrative privileges to inject and execute OS commands on the server. • https://www.twcert.org.tw/en/cp-139-8175-57245-2.html https://www.twcert.org.tw/tw/cp-132-8174-a17fd-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-10652 – CHANGING Information Technology IDExpert - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-10652
IDExpert from CHANGING Information Technology does not properly validate a parameter for a specific functionality, allowing unauthenticated remote attackers to inject JavaScript code and perform Reflected Cross-site scripting attacks. • https://www.twcert.org.tw/en/cp-139-8173-f8bbc-2.html https://www.twcert.org.tw/tw/cp-132-8172-a02cc-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-10651 – CHANGING Information Technology IDExpert - Arbitrary File Read through Path Traversal
https://notcve.org/view.php?id=CVE-2024-10651
IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrator privileges to exploit this vulnerability to read arbitrary system files. • https://www.twcert.org.tw/en/cp-139-8171-29297-2.html https://www.twcert.org.tw/tw/cp-132-8170-48a4e-1.html • CWE-36: Absolute Path Traversal