
CVE-2023-5313 – phpkobo Ajax Poll Script ajax-poll.php improper enforcement of a single, unique action
https://notcve.org/view.php?id=CVE-2023-5313
30 Sep 2023 — A vulnerability classified as problematic was found in phpkobo Ajax Poll Script 3.18. Affected by this vulnerability is an unknown functionality of the file ajax-poll.php of the component Poll Handler. The manipulation leads to improper enforcement of a single, unique action. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/tht1997/WhiteBox/blob/main/PHPKOBO/ajax_pool_script.md • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') • CWE-837: Improper Enforcement of a Single, Unique Action

CVE-2023-41447
https://notcve.org/view.php?id=CVE-2023-41447
28 Sep 2023 — Cross Site Scripting vulnerability in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component. • http://ajaxnewsticker.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41450
https://notcve.org/view.php?id=CVE-2023-41450
28 Sep 2023 — An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter. • http://ajaxnewsticker.com • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2023-41446
https://notcve.org/view.php?id=CVE-2023-41446
28 Sep 2023 — Cross Site Scripting vulnerability in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component. • http://ajaxnewsticker.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41449
https://notcve.org/view.php?id=CVE-2023-41449
27 Sep 2023 — An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter. • http://ajaxnewsticker.com • CWE-918: Server-Side Request Forgery (SSRF)

CVE-2023-41452
https://notcve.org/view.php?id=CVE-2023-41452
27 Sep 2023 — Cross Site Request Forgery vulnerability in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component. • http://ajaxnewsticker.com • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2023-41445
https://notcve.org/view.php?id=CVE-2023-41445
27 Sep 2023 — Cross Site Scripting vulnerability in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the index.php component. • http://ajaxnewsticker.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41453
https://notcve.org/view.php?id=CVE-2023-41453
27 Sep 2023 — Cross Site Scripting vulnerability in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component. • http://ajaxnewsticker.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41448
https://notcve.org/view.php?id=CVE-2023-41448
27 Sep 2023 — Cross Site Scripting vulnerability in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component. • http://ajaxnewsticker.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-41451
https://notcve.org/view.php?id=CVE-2023-41451
27 Sep 2023 — Cross Site Scripting vulnerability in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component. • http://ajaxnewsticker.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')