CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31232 – WordPress Rehub theme <= 19.6.1 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-31232
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion.This issue affects Rehub: from n/a through 19.6.1. Vulnerabilidad de limitación incorrecta de un nombre de ruta a un directorio restringido ("Path Traversal") en Sizam Design Rehub permite la inclusión de archivos locales PHP. Este problema afecta a Rehub: desde n/a hasta 19.6.1. The Rehub theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 19.6.1. This makes it possible for authenticated attackers, with editor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. • https://patchstack.com/database/vulnerability/rehub-theme/wordpress-rehub-theme-19-6-1-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31233 – WordPress Rehub theme <= 19.6.1 - Auth. SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-31233
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sizam Rehub.This issue affects Rehub: from n/a through 19.6.1. Neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en Sizam Rehub. Este problema afecta a Rehub: desde n/a hasta 19.6.1. The Rehub theme for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://patchstack.com/database/vulnerability/rehub-theme/wordpress-rehub-theme-19-6-1-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31231 – WordPress Rehub theme <= 19.6.1 - Unauthenticated Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-31231
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion.This issue affects Rehub: from n/a through 19.6.1. Vulnerabilidad de limitación incorrecta de un nombre de ruta a un directorio restringido ("Path Traversal") en Sizam Design Rehub permite la inclusión de archivos locales PHP. Este problema afecta a Rehub: desde n/a hasta 19.6.1. The Rehub theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 19.6.1. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. • https://patchstack.com/database/vulnerability/rehub-theme/wordpress-rehub-theme-19-6-1-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •