2 results (0.002 seconds)
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42563
https://notcve.org/view.php?id=CVE-2024-42563
20 Aug 2024 — An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file. • https://gist.github.com/topsky979/f645f99661ff33aed44d65dfa49e36fe • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42565
https://notcve.org/view.php?id=CVE-2024-42565
20 Aug 2024 — ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/contact/delete?action=delete. • https://gist.github.com/topsky979/648f2cd4f5e58560cbc9308d06e2f876 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •