Internet Storm Center Spotlight


ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

The Top 10 Not So Common SSH Usernames and Passwords

Published: 2024-10-16.

Last Updated: 2024-10-16 17:26:49 UTC

by Johannes Ullrich (Version: 1)

Our list of "top" SSH usernames and passwords is pretty static. Well-known defaults, like "root" and "admin", are at the top of the list. But there are always some usernames and passwords in the list that are not as well known, or that only showed up more recently. I will focus in this diary on these "second tier" credentials.

345gs5662d34

Used by Polycom CX600 IP phones, this password often shows up in the username field (as other passwords do) when sloppy bots enter it into the wrong field.

zyfwp

A backdoor account in Zyxel equipment. It was found by Rapid 7 (and later removed by Zyxel) in 2020.

yhtcAdmin

Used in "Youhua PT939G" fiber routers.

vadmin

The default username for the web hosting platform LiteSpeed. It can be used via SSH or HTTP.

telecomadmin

The username used by the Huawei HG8245H5 ONT (fiber termination kit).

chenzilong

Not sure, but it may be a popular Chinese character. Maybe somebody reading this knows?

7ujMko0admin

Some Dahua network NVRs use this telnet/SSH password. They prepend the string "7ujMko0" to the web password, which by default is "admin".

a1sev5y7c39k

The default password for some unspecified routers using the Realtek chipset.

Xpon@Olt9417#

The default password for V*SOL GPON OLT equipment.

ve0RbANG

Used with the "YhtcAdmin" username for Youhua PT939G optical network termination equipment. The same device also uses Admin/1234 and Admin/Telecom_1234.
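The credentials above are most useful to a defender as a watchlist: if one of them shows up in your own sshd logs, either a bot is trying device defaults against you, or (worse) the login succeeded and you have a device on the network still running its factory account. The script below is an added example, not code from the diary or from ISC; it parses constructed sshd syslog lines, counts attempts per watched name, treats known passwords seen in the username field the way the diary describes for 345gs5662d34, flags any accepted login with a watched name, and builds the ISC lookup URL from the diary for follow-up. The log lines and IP addresses are constructed for the example.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import quote

# The "second tier" credentials from the diary, split by the field they belong in.
DEFAULT_USERNAMES = {
    "zyfwp": "Zyxel backdoor account",
    "yhtcAdmin": "Youhua PT939G ONT",
    "vadmin": "LiteSpeed hosting platform",
    "telecomadmin": "Huawei HG8245H5 ONT",
    "chenzilong": "origin unknown",
}
DEFAULT_PASSWORDS = {
    "345gs5662d34": "Polycom CX600 IP phone",
    "7ujMko0admin": "Dahua NVR telnet/ssh",
    "a1sev5y7c39k": "Realtek-chipset router",
    "Xpon@Olt9417#": "V*SOL GPON OLT",
    "ve0RbANG": "Youhua PT939G ONT",
}
# Sloppy bots paste the password into the username field, so both sets are watched there.
WATCHLIST = {**DEFAULT_USERNAMES, **DEFAULT_PASSWORDS}

# Only lines that record an authentication outcome are matched. sshd also logs an earlier
# "Invalid user X from ..." notice for the same attempt; skipping it avoids double counting.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


@dataclass(frozen=True)
class SshAuthEvent:
    user: str
    src_ip: str
    accepted: bool


def parse_sshd_line(line: str) -> Optional[SshAuthEvent]:
    """Parse one sshd syslog line into an event, or None if it is not an auth outcome."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    return SshAuthEvent(user=m["user"], src_ip=m["ip"], accepted=m["outcome"] == "Accepted")


@dataclass
class Report:
    attempts: Counter                  # watched name -> number of auth attempts
    sources: Dict[str, List[str]]      # watched name -> sorted source IPs
    accepted: List[SshAuthEvent]       # successful logins with a watched name (investigate)
    password_as_username: List[str]    # known device passwords seen in the username field


def analyse(lines: List[str]) -> Report:
    """Reduce raw sshd lines to the attempts that involve a watched credential."""
    attempts: Counter = Counter()
    sources = defaultdict(set)
    accepted: List[SshAuthEvent] = []
    for line in lines:
        ev = parse_sshd_line(line)
        if ev is None or ev.user not in WATCHLIST:
            continue
        attempts[ev.user] += 1
        sources[ev.user].add(ev.src_ip)
        if ev.accepted:
            accepted.append(ev)
    return Report(
        attempts=attempts,
        sources={u: sorted(ips) for u, ips in sources.items()},
        accepted=accepted,
        password_as_username=sorted(u for u in attempts if u in DEFAULT_PASSWORDS),
    )


def isc_lookup_url(name: str) -> str:
    """Build the ISC username lookup URL the diary points to; '@' and '#' must be escaped."""
    return "https://isc.sans.edu/ssh_usernames.html?username=" + quote(name, safe="")


# Constructed sample log lines (not real traffic); addresses are from documentation ranges.
SAMPLE_LOG = [
    "Oct 16 12:00:01 gw sshd[4101]: Invalid user 345gs5662d34 from 203.0.113.5 port 51234",
    "Oct 16 12:00:01 gw sshd[4101]: Failed password for invalid user 345gs5662d34 from 203.0.113.5 port 51234 ssh2",
    "Oct 16 12:00:03 gw sshd[4102]: Failed password for invalid user zyfwp from 203.0.113.5 port 51240 ssh2",
    "Oct 16 12:00:04 gw sshd[4103]: Failed password for invalid user zyfwp from 198.51.100.7 port 40000 ssh2",
    "Oct 16 12:00:05 gw sshd[4104]: Failed password for root from 198.51.100.7 port 40002 ssh2",
    "Oct 16 12:00:06 gw sshd[4105]: Accepted password for telecomadmin from 198.51.100.9 port 40100 ssh2",
    "Oct 16 12:00:07 gw sshd[4106]: Received disconnect from 198.51.100.9 port 40100:11: Bye Bye",
]

if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    for name, n in report.attempts.most_common():
        print(f"{n:3d}  {name:15s} {WATCHLIST[name]:28s} from {', '.join(report.sources[name])}")
    for name in report.password_as_username:
        print(f"note: {name!r} is a device password typed into the username field")
    for ev in report.accepted:
        print(f"ALERT: successful login as {ev.user!r} from {ev.src_ip}; see {isc_lookup_url(ev.user)}")
```

"root" is deliberately not on the watchlist, since the diary is about the names below the well-known defaults; add it if you want the full picture.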

You can look at our top password list here:

https://isc.sans.edu/data/ssh.html

I will add some of these details to our username and password pages, so they show up when you look up a particular username or password. For example:

https://isc.sans.edu/ssh_usernames.html?username=345gs5662d34

Complete diary:

https://isc.sans.edu/diary/The+Top+10+Not+So+Common+SSH+Usernames+and+Passwords/31360/

A Network Nerd's Take on Emergency Preparedness

Published: 2024-10-15. Last Updated: 2024-10-21 15:10:48 UTC

by Johannes Ullrich (Version: 1)

Over the last month, two hurricanes barely missed me. Luckily, neither caused me any significant inconvenience. Sadly, others were not as lucky, and I think this is a good time to do a little "lessons learned" exercise. It made me reconsider some of my emergency preparations. I will take a "geek spin" on emergency preparedness in this post. There are better sources on what food to store and how to fill your tub with sufficient water; I will focus more on power and data connectivity. At least once, someone complained that the "Internet Storm Center" does not talk about the weather. This post should keep them happy :).

One advantage of hurricanes, compared to other disasters like earthquakes, is that they are usually announced several days ahead. One very viable option is to "get out". If you plan to get out, make a hotel reservation in a safe spot early. Maybe make a hotel reservation that can be canceled on short notice if you do not need it. Or call some friends/family. Leave before mandatory evacuations are announced. Roads are usually packed 24-48 hours before the storm's landfall.

Unplug as many devices as possible before the storm hits (or before you leave), or switch off circuit breakers. It may be worthwhile to disconnect cable modems and other devices. During a storm, power will often be unstable, and I have seen power lines fall on cable TV and phone lines. This should not cause harm, but it is best to be safe. At the same time, make sure any rechargeable devices and battery packs are fully charged, and turn them off.

If you own a portable backup battery, ensure it is fully turned off while not in use. These batteries' inverters can draw significant power even with no devices plugged in [1].

I am not an electrician, so I refer to others for generator safety issues. Generators connected to natural gas may provide longer-term power backup as long as the natural gas supply is not disrupted. For other fuels, it depends on how much you can store locally.

If you use mobile solar cells: Bring them inside during the storm. Same for any antennas that can be detached, like satellite or cell phone external antennas.

Backup batteries will provide power for a limited time. Most UPS systems will last 15-60 minutes. Some larger battery packs can last a day (e.g. Tesla Powerwall). Most will not last much longer, but you can extend the runtime by reducing power consumption, particularly for heavy loads like air conditioners. People outside Florida may not realize it, but after the hurricane passes, you often end up with sunny and hot weather. It may not be easy to live without air conditioning.

Most solar systems will not provide backup power without a battery backup. Only some relatively new inverters can run without grid power or alongside a regular generator. The solar system should be off if the generator is running unless the solar system was specifically designed to support the generator. Do not overestimate the capacity of your backup power solution. You often have surges as devices are turned on (for example, refrigerators). My non-electrician rule of thumb is that you need about three times the capacity of your steady-state usage. [2]

And of course, electricity and water do not work well with each other. If water intrudes into your house, you may still want to turn the devices off.

One issue that kept coming up during the recent storms was the reliability of cellular services. In particular, in more rural areas, which often do not have great cellular coverage in the first place, cellular networks were often not usable. Cellular towers still require uplinks and are sometimes destroyed by high winds or water. Power backup is often limited. Mobile operators will sometimes deploy temporary emergency backup towers. However, these towers may only offer a limited range and capacity. Most phones will allow roaming by default, and mobile operators will allow each other's customers to use their network during disasters. But double-check that your phone has roaming enabled ...

[1] https://www.donrowe.com/power-inverter-faq-a/258.htm

[2] https://www.greenlancer.com/post/solar-battery-backup-vs-generator

Complete diary:

https://isc.sans.edu/diary/A+Network+Nerds+Take+on+Emergency+Preparedness/31356/

Internet Storm Center Entries


Everybody Loves Bash Scripts. Including Attackers. (2024.10.23)

https://isc.sans.edu/diary/Everybody+Loves+Bash+Scripts+Including+Attackers/31376/

How much HTTP (not HTTPS) Traffic is Traversing Your Perimeter? (2024.10.22)

https://isc.sans.edu/diary/How+much+HTTP+not+HTTPS+Traffic+is+Traversing+Your+Perimeter/31372/

Scanning Activity from Subnet 15.184.0.0/16 (2024.10.17)

https://isc.sans.edu/diary/Scanning+Activity+from+Subnet+151840016/31362/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2024-9486 - Kubernetes Image Builder allows default credentials to enable root access on nodes using Proxmox provider virtual machine images.

Product: Kubernetes Image Builder

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9486

ISC Podcast: https://isc.sans.edu/podcastdetail/9184

NVD References:

- https://github.com/kubernetes-sigs/image-builder/pull/1595

- https://github.com/kubernetes/kubernetes/issues/128006

- https://groups.google.com/g/kubernetes-security-announce/c/UKJG-oZogfA/m/Lu1hcnHmAQAJ

CVE-2024-9264 - Grafana's SQL Expressions experimental feature allows for command injection and local file inclusion due to insufficient sanitization of user input passed to duckdb queries.

Product: Grafana

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9264

ISC Podcast: https://isc.sans.edu/podcastdetail/9188

NVD References: https://grafana.com/security/security-advisories/cve-2024-9264/

CVE-2024-9537 - ScienceLogic SL1 is affected by an unspecified third-party component vulnerability, with fixes available in versions 12.1.3+, 12.2.3+, and 12.3+ and remediations offered for older versions back to 10.1.x.

Product: ScienceLogic SL1

CVSS Score: 9.8

** KEV since 2024-10-21 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9537

NVD References:

- https://arcticwolf.com/resources/blog/rackspace-breach-linked-to-zero-day-vulnerability-sciencelogic-sl1s-third-party-utility/

- https://community.sciencelogic.com/blog/latest-kb-articles-and-known-issues-blog-board/week-of-september-30-2024---latest-kb-articles-and-known-issues-part-1-of-2/1690

- https://rackspace.service-now.com/system_status?id=detailed_status&service=4dafca5a87f41610568b206f8bbb35a6

- https://support.sciencelogic.com/s/article/15465

- https://support.sciencelogic.com/s/article/15527

- https://twitter.com/ynezzor/status/1839931641172467907

- https://www.bleepingcomputer.com/news/security/rackspace-monitoring-data-stolen-in-sciencelogic-zero-day-attack/

- https://www.theregister.com/2024/09/30/rackspace_zero_day_attack/

CVE-2024-28987 - SolarWinds Web Help Desk (WHD) software is susceptible to a hardcoded credential flaw that enables unauthorized users to access internal functions and change information.

Product: SolarWinds Web Help Desk

CVSS Score: 0

** KEV since 2024-10-15 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28987

ISC Podcast: https://isc.sans.edu/podcastdetail/9184

CVE-2024-23113 - Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 are vulnerable to a use of externally-controlled format string, enabling an attacker to execute unauthorized code or commands via specially crafted packets.

Product: Fortinet FortiOS

CVSS Score: 0

** KEV since 2024-10-09 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23113

ISC Podcast: https://isc.sans.edu/podcastdetail/9180

CVE-2024-9594 - The Kubernetes Image Builder vulnerability allows for default credentials to be enabled during the image build process, potentially granting root access.

Product: Kubernetes Image Builder

CVSS Score: 6.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9594

ISC Podcast: https://isc.sans.edu/podcastdetail/9184

NVD References:

- https://github.com/kubernetes-sigs/image-builder/pull/1596

- https://github.com/kubernetes/kubernetes/issues/128007

- https://groups.google.com/g/kubernetes-security-announce/c/UKJG-oZogfA/m/Lu1hcnHmAQAJ

CVE-2024-38820 - The fix for CVE-2022-22968 in DataBinder made disallowedFields patterns case insensitive, potentially leaving fields unprotected due to String.toLowerCase() Locale dependent exceptions.

Product: Spring DataBinder

CVSS Score: 3.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38820

ISC Podcast: https://isc.sans.edu/podcastdetail/9188

NVD References: https://spring.io/security/cve-2024-38820

CVE-2024-9916 - HuangDou UTCMS V9 is vulnerable to critical command injection via the argument o in the file app/modules/ut-cac/admin/cli.php, allowing for remote attacks with a publicly disclosed exploit.

Product: UsualToolCMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9916

NVD References:

- https://github.com/DeepMountains/zzz/blob/main/CVE5-1.md

- https://vuldb.com/?ctiid.280244

- https://vuldb.com/?id.280244

- https://vuldb.com/?submit.418748

CVE-2024-9921 - TEAMPLUS TECHNOLOGY's The Team+ does not properly validate specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands.

Product: TEAMPLUS TECHNOLOGY The Team+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9921

NVD References:

- https://www.twcert.org.tw/en/cp-139-8125-4a1ad-2.html

- https://www.twcert.org.tw/tw/cp-132-8124-d9b92-1.html

CVE-2024-9924 - OAKlouds from Hgiga remains vulnerable to unauthenticated remote attackers downloading arbitrary system files despite the incomplete fix for CVE-2024-26261.

Product: Hgiga OAKlouds

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9924

NVD References:

- https://www.twcert.org.tw/en/cp-139-8131-0b5e1-2.html

- https://www.twcert.org.tw/tw/cp-132-8130-89bb1-1.html

CVE-2024-9137 - Moxa service in the affected product lacks an authentication check, allowing attackers to execute commands and compromise the system.

Product: Moxa Service

CVSS Score: 9.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9137

NVD References: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances

CVE-2024-48253 & CVE-2024-48255 - Cloudlog 2.6.15 allows SQL injection.

Product: Magicbug Cloudlog

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48253

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48255

NVD References:

- https://chiggerlor.substack.com/p/unauthenticated-sql-injection-in-9a3

- https://github.com/magicbug/Cloudlog

- https://www.magicbug.co.uk/cloudlog/

CVE-2024-48251 & CVE-2024-48257 - Wavelog 1.8.5 allows SQL injection.

Product: Wavelog

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48251

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48257

NVD References:

- https://chiggerlor.substack.com/p/unauthenticated-sql-injection-in

- https://github.com/wavelog/wavelog/commit/0bf2675d93602b591850790c8fcfced886eca423

- https://www.wavelog.org

CVE-2024-48150 - D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_451208 function.

Product: D-Link DIR-820L

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48150

NVD References: https://github.com/fu37kola/cve/blob/main/D-Link/DIR-820L/D-Link%20DIR-820L%20Stack%20Overflow%20Vulnerability.md

CVE-2024-48168 - D-Link DCS-960L 1.09 is susceptible to a stack overflow vulnerability in its sub_402280 function of the HNAP service, enabling remote code execution.

Product: D-Link DCS-960L

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48168

NVD References: https://github.com/fu37kola/cve/blob/main/D-Link/DCS-960L/D-Link%20DCS-960L%201.09%20Stack%20overflow_1.md

CVE-2024-48153 - DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function.

Product: DrayTek Vigor3900

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48153

NVD References: https://github.com/tw11ty/CVE/blob/main/DrayTek/Vigor3900/Vigor3900%20command%20execution%20vulnerability.md

CVE-2024-46535 - Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg.

Product: Jepaas v7.2.8

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46535

NVD References: https://gitee.com/ketr/jepaas-release/issues/IAPJ8H?from=project-issue

CVE-2023-48082 - Nagios XI before 5.11.3 2024R1 is vulnerable to improperly generated API keys, potentially leading to authentication bypass for all users.

Product: Nagios XI

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-48082

NVD References: https://www.nagios.com/change-log/

CVE-2024-48823 - Local file inclusion in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the PassageAutoServer.php page.

Product: Automatic Systems Maintenance SlimLane

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48823

NVD References: https://daly.wtf/multiple-vulnerabilities-discovered-in-automatic-systems-software/

CVE-2024-9972 - ChanGate's Property Management System is vulnerable to SQL Injection, enabling remote attackers to manipulate database contents without authentication.

Product: ChanGate Property Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9972

NVD References:

- https://www.twcert.org.tw/en/cp-139-8141-9b045-2.html

- https://www.twcert.org.tw/tw/cp-132-8140-ee91e-1.html

CVE-2024-9982 - AIM LINE Marketing Platform from Esi Technology is vulnerable to injection attacks, allowing unauthenticated remote attackers to manipulate database content when the LINE Campaign Module is enabled.

Product: Esi Technology AIM LINE Marketing Platform

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9982

NVD References:

- https://www.twcert.org.tw/en/cp-139-8147-eb650-2.html

- https://www.twcert.org.tw/tw/cp-132-8146-497a2-1.html

CVE-2024-9925 - TAI Smart Factory's QPLANT SF version 1.0 is vulnerable to SQL injection, allowing remote attackers to retrieve database information via a specially crafted SQL query on the ‘email’ parameter.

Product: Tai Smart Factory QPLANT SF

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9925

NVD References: https://incibe.es/en/incibe-cert/notices/aviso-sci/sql-injection-qplant-tai-smart-factory

CVE-2024-9984 - Ragic Enterprise Cloud Database allows unauthenticated remote attackers to obtain user session cookies through unauthenticated access to specific functionality.

Product: Ragic Enterprise Cloud Database

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9984

NVD References:

- https://www.twcert.org.tw/en/cp-139-8151-1a4b5-2.html

- https://www.twcert.org.tw/tw/cp-132-8150-c955a-1.html

CVE-2024-9985 - Enterprise Cloud Database from Ragic allows attackers to upload a webshell and execute arbitrary code due to lack of file type validation.

Product: Ragic Enterprise Cloud Database

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9985

NVD References:

- https://www.twcert.org.tw/en/cp-139-8153-1120e-2.html

- https://www.twcert.org.tw/tw/cp-132-8152-09e81-1.html

CVE-2024-47945 - Rittal IoT Interface & CMC III Processing Unit devices are vulnerable to session hijacking due to predictable session IDs with insufficient entropy, allowing attackers to pre-generate valid IDs and gain unauthorized access to user sessions.

Product: Rittal IoT Interface & CMC III Processing Unit

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47945

NVD References:

- https://r.sec-consult.com/rittaliot

- https://www.rittal.com/de-de/products/deep/3124300

CVE-2024-9973 & CVE-2024-9974 - SourceCodester Online Eyewear Shop 1.0 has critical SQL injection flaws.

Product: Oretnom23 Online_Eyewear_Shop 1.0

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9973

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9974

NVD References:

- https://gist.github.com/higordiego/b9699573de61b26f2290e69f38d23fd0

- https://gist.github.com/higordiego/2373b9e3e89f03e5f8888efd38eb4b48

- https://www.sourcecodester.com/

CVE-2024-45274 - Multiple Vulnerabilities in mbNET.mini Product

Product: MB connect line MbNET.Mini

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45274 (Missing Authentication for Critical Function)

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45275 (Use of Hard-coded Credentials)

NVD References:

- https://cert.vde.com/en/advisories/VDE-2024-056

- https://cert.vde.com/en/advisories/VDE-2024-066

CVE-2024-49388 - Acronis Cyber Protect 16 (Linux, Windows) before build 38690 allows sensitive information manipulation through improper authorization.

Product: Acronis Cyber Protect

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49388

NVD References: https://security-advisory.acronis.com/advisories/SEC-5984

CVE-2024-9976 - Pharmacy Management System 1.0 is susceptible to a critical SQL injection vulnerability in manage_customer.php allowing for remote attacks.

Product: Code-Projects Pharmacy Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9976

NVD References:

- https://code-projects.org/

- https://gist.github.com/higordiego/b57040961b993cb5f1bfe0005f6b57be

CVE-2024-48283 - Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL Injection through the searchkey parameter in /admin//search-result.php.

Product: Phpgurukul User Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48283

NVD References: https://github.com/m14r41/Writeups/blob/main/CVE/phpGurukul/User%20Registration%20%26%20Login%20and%20User%20Management%20System%20With%20admin%20panel/SQL%20Injection%20-%20Search.md

CVE-2024-48914 - Vendure is vulnerable to a traversal attack in versions prior to 3.0.5 and 2.3.3, allowing an attacker to access sensitive server files and potentially crash the server.

Product: Vendure's asset server plugin

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48914

NVD References:

- https://github.com/vendure-ecommerce/vendure/blob/801980e8f599c28c5059657a9d85dd03e3827992/packages/asset-server-plugin/src/plugin.ts#L352-L358

- https://github.com/vendure-ecommerce/vendure/commit/e2ee0c43159b3d13b51b78654481094fdd4850c5

- https://github.com/vendure-ecommerce/vendure/commit/e4b58af6822d38a9c92a1d8573e19288b8edaa1c

- https://github.com/vendure-ecommerce/vendure/security/advisories/GHSA-r9mq-3c9r-fmjq

CVE-2024-21172 - Oracle Hospitality OPERA 5 product is vulnerable to a difficult to exploit unauthenticated network attack that can result in a takeover of the system.

Product: Oracle Hospitality OPERA 5

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21172

NVD References: https://www.oracle.com/security-alerts/cpuoct2024.html

CVE-2024-21216 - The Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core) is vulnerable to an easily exploitable vulnerability that allows unauthenticated attackers with network access via T3, IIOP to compromise the server and potentially take over.

Product: Oracle Weblogic Server

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21216

NVD References: https://www.oracle.com/security-alerts/cpuoct2024.html

CVE-2024-49195 - Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair.

Product: Mbed TLS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49195

NVD References:

- https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-10-1/

- https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

CVE-2024-48411 - itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to SQL Injection via the val-email parameter in forget_password.php.

Product: itsourcecode Online Tours and Travels Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48411

NVD References: https://github.com/Comitora/CVEs/blob/main/CVE-2024-48411

CVE-2024-48779 - Wanxing Technology's Yitu project Management Software 3.2.2 is vulnerable to remote code execution by exploiting the platformpluginpath parameter.

Product: Wanxing Technology Yitu Project Management Software

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48779

NVD References: https://gist.github.com/zty-1995/3fcdf702017ad6721e5011f74c1f6cee

CVE-2024-48781 - Wanxing Technology Yitu Project Management Kirin Edition 2.3.6 is vulnerable to remote code execution via a specially crafted file.

Product: Wanxing Technology Yitu Project Management Kirin Edition

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48781

NVD References: https://gist.github.com/zty-1995/a7948be24b3411759a6afa3cc616dc12

CVE-2024-48782 - DYCMS Open-Source Version v2.0.9.41 is vulnerable to file upload, allowing remote attackers to execute arbitrary code by exploiting the front-end's detection of image file extensions.

Product: DYCMS Open-Source Version

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48782

NVD References: https://gist.github.com/zty-1995/7750a2ea1231971f973f02dc4c893b46

CVE-2024-10004 - Firefox for iOS < 131.2 can incorrectly display an HTTPS indicator when opening an external link to an HTTP website after the browser was closed with an HTTPS tab open.

Product: Mozilla Firefox for iOS

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10004

NVD References:

- https://bugzilla.mozilla.org/show_bug.cgi?id=1904885

- https://www.mozilla.org/security/advisories/mfsa2024-54/

CVE-2024-9105 - The UltimateAI plugin for WordPress up to version 2.8.3 is vulnerable to authentication bypass, allowing unauthenticated attackers to log in as any existing user on the site.

Product: WordPress UltimateAI plugin

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9105

NVD References:

- https://codecanyon.net/item/ultimateai-ai-enhanced-wordpress-plugin-with-saas-for-content-code-chat-and-image-generation/51201953

- https://www.wordfence.com/threat-intel/vulnerabilities/id/c2475643-a0b4-444a-a2c6-a5c45e90e1dd?source=cve

CVE-2024-10018 - Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead to the launch of any unexported component.

Product: Transsion Holdings AI voice assistant

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10018

NVD References:

- https://security.tecno.com/SRC/blogdetail/323?lang=en_US

- https://security.tecno.com/SRC/securityUpdates?type=SA

CVE-2024-45216 - Apache Solr is vulnerable to an improper authentication issue, allowing authentication bypass through a fake ending in API URL paths.

Product: Apache Solr

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45216

NVD References: https://solr.apache.org/security.html#cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending

CVE-2023-32191 - RKE stores cluster state in a configmap that can be accessed by non-admin users, leading to potential admin escalation.

Product: Rancher RKE

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32191

NVD References:

- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32191

- https://github.com/rancher/rke/security/advisories/GHSA-6gr4-52w6-vmqx

CVE-2024-48180 - ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method.

Product: ClassCMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48180

NVD References: https://github.com/J-0k3r/CVE-2024-48180

CVE-2024-10025 - SICK products are vulnerable to unauthorized access due to plaintext default passwords stored in the .sdd file.

Product: SICK products

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10025

NVD References:

- https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF

- https://sick.com/psirt

- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices

- https://www.first.org/cvss/calculator/3.1

- https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.json

- https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0003.pdf

CVE-2024-48920 - PutongOJ online judging software allows unprivileged users to escalate privileges before version 2.1.0-beta.1, potentially compromising sensitive data and system integrity, fixed in v2.1.0.beta.1 with a manual patch available.

Product: PutongOJ online judging software

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48920

NVD References:

- https://github.com/acm309/PutongOJ/commit/211dfe9ebf1c6618ce5396b0338de4f9b580715e#diff-782628b47d666d5d551e040815ca3f80c0704397258718f0e0f31164608ea7beL118-R120

- https://github.com/acm309/PutongOJ/releases/tag/v2.1.0-beta.1

- https://github.com/acm309/PutongOJ/security/advisories/GHSA-gj6h-73c5-xw6f

CVE-2023-26785 - MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability.

Product: MariaDB

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-26785

NVD References:

- https://github.com/Ant1sec-ops/CVE-2023-26785

- https://seclists.org/fulldisclosure/2012/Dec/39

CVE-2024-43566 - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Product: Microsoft Edge Chromium

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43566

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43566

CVE-2024-10118 - SECOM WRTR-304GN-304TW-UPSC is vulnerable to injection attacks allowing unauthenticated remote attackers to execute arbitrary commands on the device.

Product: SECOM WRTR-304GN-304TW-UPSC

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10118

NVD References:

- https://www.twcert.org.tw/en/cp-139-8155-c1ea6-2.html

- https://www.twcert.org.tw/tw/cp-132-8154-69fa5-1.html

CVE-2024-10119 - WRTM326 wireless router from SECOM is vulnerable to remote code execution due to inadequate parameter validation.

Product: SECOM WRTM326

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10119

NVD References:

- https://www.twcert.org.tw/en/cp-139-8157-e0461-2.html

- https://www.twcert.org.tw/tw/cp-132-8156-81c9d-1.html

CVE-2024-9634 - The GiveWP – Donation Plugin and Fundraising Platform for WordPress is vulnerable to PHP Object Injection and remote code execution through untrusted input in the give_company_name parameter.

Product: GiveWP Donation Plugin for WordPress

Active Installations: 100,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9634

NVD References:

- https://plugins.trac.wordpress.org/browser/give/tags/3.16.2/src/Donations/Repositories/DonationRepository.php?rev=3157829

- https://plugins.trac.wordpress.org/changeset/3166836/give/tags/3.16.4/includes/process-donation.php

- https://www.wordfence.com/threat-intel/vulnerabilities/id/b8eb3aa9-fe60-48b6-aa24-7873dd68b47e?source=cve

CVE-2016-15040 - The Kento Post View Counter plugin for WordPress is vulnerable to SQL Injection via the 'kento_pvc_geo' parameter, allowing unauthenticated attackers to extract sensitive information from the database.

Product: WordPress Kento Post View Counter

Active Installations: This plugin has been closed and is no longer available for download.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2016-15040

NVD References:

- https://plugins.trac.wordpress.org/browser/kento-post-view-counter/trunk/index.php#L216

- https://www.wordfence.com/threat-intel/vulnerabilities/id/525b466d-137a-467b-8b49-e51393a73866?source=cve

CVE-2018-25105 - The File Manager plugin for WordPress is vulnerable to authorization bypass, enabling unauthenticated attackers to download and upload arbitrary files for remote code execution.

Product: WordPress File Manager plugin

Active Installations: 1 million+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2018-25105

NVD References:

- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=1942390%40wp-file-manager&new=1942390%40wp-file-manager&sfp_email=&sfph_mail=

- https://www.wordfence.com/threat-intel/vulnerabilities/id/a56d5a2f-ae13-4523-bc4a-17bb2fb4c6f0?source=cve

CVE-2019-25213 - The Advanced Access Manager plugin for WordPress up to version 5.9.8.1 allows unauthenticated attackers to read any file on the server, including sensitive files like wp-config.php.

Product: WordPress Advanced Access Manager

Active Installations: 100,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-25213

NVD References:

- https://plugins.trac.wordpress.org/changeset/2098838/advanced-access-manager/trunk/application/Core/Media.php?old=2151316&old_path=advanced-access-manager%2Ftrunk%2Fapplication%2FCore%2FMedia.php

- https://www.wordfence.com/threat-intel/vulnerabilities/id/55e0f0df-7be2-4e18-988c-2cc558768eff?source=cve

CVE-2019-25217 - The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion.

Product: SiteGround Optimizer plugin

Active Installations: 1 million+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-25217

NVD References:

- https://blog.sucuri.net/2019/03/vulnerability-disclosure-siteground-optimizer-caldera-forms.html

- https://www.wordfence.com/threat-intel/vulnerabilities/id/657f3bd7-2cdc-4eb6-ba50-7c7fca468df0?source=cve

CVE-2020-36832 - The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass between versions 7.3 to 8.6, allowing unauthenticated attackers to login as any user, including the site administrator.

Product: WordPress Ultimate Membership Pro plugin

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-36832

NVD References:

- https://codecanyon.net/item/ultimate-membership-pro-wordpress-plugin/12159253

- https://wpscan.com/vulnerability/9811025e-ab17-4255-aaaf-4f0306f5d281

- https://www.wordfence.com/threat-intel/vulnerabilities/id/a5341bbd-55bd-41ad-b5d1-d6b56c141277?source=cve

CVE-2020-36837 - The ThemeGrill Demo Importer plugin for WordPress allows authenticated attackers to bypass authentication and reset the database, potentially giving them administrator access.

Product: ThemeGrill Demo Importer plugin for WordPress

Active Installations: 100,000+

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-36837

NVD References:

- https://raw.githubusercontent.com/themegrill/themegrill-demo-importer/master/CHANGELOG.txt

- https://www.openwall.com/lists/oss-security/2020/02/19/1

- https://www.webarxsecurity.com/critical-issue-in-themegrill-demo-importer/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/8c0dc694-854e-4f96-8c2d-7251c41a3ee9?source=cve

CVE-2021-4443 - The WordPress Mega Menu plugin is vulnerable to Arbitrary File Creation through the compiler_save AJAX action in versions up to 2.0.6.

Product: WordPress Mega Menu plugin

Active Installations: 20,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-4443

NVD References:

- https://sh3llcon.org/la-debilidad-de-wordpress/

- https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wordpress-mega-menu-quadmenu-remote-code-execution-2-0-6/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/04003542-fd62-4587-9834-70e7fe8f08ef?source=cve

CVE-2021-4449 - The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads in versions up to 5.96, allowing unauthenticated attackers to potentially achieve remote code execution on the affected site's server.

Product: WordPress ZoomSounds

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-4449

NVD References:

- https://codecanyon.net/item/zoomsounds-wordpress-wave-audio-player-with-playlist/6181433

- https://github.com/0xAgun/Arbitrary-File-Upload-ZoomSounds

- https://ithemes.com/blog/wordpress-vulnerability-report-june-2021-part-5/#ib-toc-anchor-2

- https://sploitus.com/exploit?id=WPEX-ID:07259A61-8BA9-4DD0-8D52-CC1DF389C0AD

- https://wpscan.com/vulnerability/07259a61-8ba9-4dd0-8d52-cc1df389c0ad

- https://www.wordfence.com/threat-intel/vulnerabilities/id/262e3bb3-bc83-4d0b-8056-9f94ec141b8f?source=cve

CVE-2016-15042 - The Frontend File Manager and N-Media Post Front-end Form plugins for WordPress are vulnerable to arbitrary file uploads, allowing unauthenticated attackers to upload files and potentially execute remote code.

Product: WordPress Frontend File Manager

Active Installations: 1,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2016-15042

NVD References:

- https://wordpress.org/plugins/nmedia-user-file-uploader/#developers

- https://wpscan.com/vulnerability/052f7d9a-aaff-4fb1-92b7-aeb83cc705a7

- https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-n-media-post-front-end-form-arbitrary-file-upload-1-0/

- https://www.pluginvulnerabilities.com/2016/09/19/arbitrary-file-upload-vulnerability-in-front-end-file-upload-and-manager-plugin/

- https://www.pluginvulnerabilities.com/2016/09/19/arbitrary-file-upload-vulnerability-in-n-media-post-front-end-form/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/2c1e6298-f243-49a5-b1b7-52bd6a6c8858?source=cve

CVE-2024-9862 - The Miniorange OTP Verification with Firebase plugin for WordPress allows unauthenticated attackers to change user passwords and potentially take over administrator accounts.

Product: OTP Verification with Firebase plugin for WordPress

Active Installations: 100+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9862

NVD References:

- https://plugins.trac.wordpress.org/browser/miniorange-firebase-sms-otp-verification/tags/3.6.0/handler/forms/class-loginform.php#L236

- https://plugins.trac.wordpress.org/changeset/3169869/miniorange-firebase-sms-otp-verification#file3

- https://www.wordfence.com/threat-intel/vulnerabilities/id/9c3df12d-e526-4a23-89d3-bfdcea9f7b2d?source=cve

CVE-2024-48042 - Contact Form by Supsystic is vulnerable to Command Injection due to improper neutralization of special elements in templates, affecting versions from n/a through 1.7.28.

Product: Supsystic Contact Form

Active Installations: 9,000+

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48042

NVD References: https://patchstack.com/database/vulnerability/contact-form-by-supsystic/wordpress-contact-form-by-supsystic-plugin-1-7-28-remote-code-execution-rce-vulnerability?_s_id=cve

CVE-2024-49247 - BuddyPress Better Registration allows authentication bypass via an alternate path or channel.

Product: Webforza BuddyPress Better Registration

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49247

NVD References: https://patchstack.com/database/vulnerability/better-bp-registration/wordpress-buddypress-better-registration-plugin-1-6-broken-authentication-vulnerability?_s_id=cve

CVE-2024-49257 - Azz Anonim Posting allows unrestricted upload of dangerous file types, enabling attackers to upload a web shell to a web server.

Product: Denis Azz Anonim Posting

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49257

NVD References: https://patchstack.com/database/vulnerability/azz-anonim-posting/wordpress-azz-anonim-posting-plugin-0-9-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-49271 - Unlimited Elements For Elementor (Free Widgets, Addons, Templates) is vulnerable to Command Injection due to improper neutralization of special elements in the template engine, affecting versions n/a through 1.5.121.

Product: Unlimited Elements Unlimited Elements For Elementor

Active Installations: 300,000+

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49271

NVD References: https://patchstack.com/database/vulnerability/unlimited-elements-for-elementor/wordpress-unlimited-elements-for-elementor-free-widgets-addons-templates-plugin-1-5-121-remote-code-execution-rce-vulnerability?_s_id=cve

CVE-2024-47649 - Unrestricted Upload of File with Dangerous Type vulnerability in THATplugin Iconize. This issue affects Iconize: from n/a through 1.2.4.

Product: THATplugin Iconize

Active Installations: This plugin has been closed as of September 23, 2024 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47649

NVD References: https://patchstack.com/database/vulnerability/iconize/wordpress-iconize-plugin-1-2-4-remote-code-execution-rce-vulnerability?_s_id=cve

CVE-2024-48026 - Disc Golf Manager is vulnerable to Deserialization of Untrusted Data, leading to Object Injection in versions up to 1.0.0.

Product: Grayson Robbins Disc Golf Manager

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48026

NVD References: https://patchstack.com/database/vulnerability/disc-golf-manager/wordpress-disc-golf-manager-plugin-1-0-0-php-object-injection-vulnerability?_s_id=cve

CVE-2024-48027 - External featured image from bing allows for unrestricted upload of dangerous files, potentially enabling the upload of a web shell to a web server.

Product: xaraartech External featured image from bing

Active Installations: This plugin has been closed as of October 8, 2024 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48027

NVD References: https://patchstack.com/database/vulnerability/external-featured-image-from-bing/wordpress-external-featured-image-from-bing-plugin-1-0-2-remote-code-execution-rce-vulnerability?_s_id=cve

CVE-2024-48028 - Boyan Raichev IP Loc8 is vulnerable to deserialization of untrusted data, allowing object injection from versions n/a through 1.1.

Product: Boyan Raichev IP Loc8

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48028

NVD References: https://patchstack.com/database/vulnerability/ip-loc8/wordpress-ip-loc8-plugin-1-1-php-object-injection-vulnerability?_s_id=cve

CVE-2024-48030 - Telecash Ricaricaweb is vulnerable to untrusted data deserialization leading to object injection, impacting versions from n/a to 2.2.

Product: Gabriele Valenti Telecash Ricaricaweb

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48030

NVD References: https://patchstack.com/database/vulnerability/telecash-ricaricaweb/wordpress-telecash-ricaricaweb-plugin-2-2-php-object-injection-vulnerability?_s_id=cve

CVE-2024-48034 - Creates 3D Flipbook, PDF Flipbook allows for unrestricted file upload, enabling the potential upload of a web shell to a web server.

Product: Fliperrr Team Creates 3D Flipbook

Active Installations: unknown

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48034

NVD References: https://patchstack.com/database/vulnerability/create-flipbook-from-pdf/wordpress-creates-3d-flipbook-pdf-flipbook-plugin-1-2-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-48035 - Takayuki Imanishi ACF Images Search And Insert allows attackers to upload a web shell to a web server due to unrestricted file uploads with dangerous types from versions n/a through 1.1.4.

Product: Takayuki Imanishi ACF Images Search And Insert

Active Installations: unknown

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48035

NVD References: https://patchstack.com/database/vulnerability/acf-images-search-and-insert/wordpress-acf-images-search-and-insert-plugin-1-1-4-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-49216 - Joshua Clayton's Feed Comments Number allows unrestricted upload of dangerous files, enabling the upload of a web shell onto a web server.

Product: Joshua Clayton Feed Comments Number

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49216

NVD References: https://patchstack.com/database/vulnerability/feed-comments-number/wordpress-feed-comments-number-plugin-0-2-1-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-49218 - Deserialization of Untrusted Data vulnerability in Al Imran Akash Recently allows Object Injection. This issue affects Recently: from n/a through 1.1.

Product: Al Imran Akash Recently

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49218

NVD References: https://patchstack.com/database/vulnerability/recently-viewed-most-viewed-and-sold-products-for-woocommerce/wordpress-recently-plugin-1-1-php-object-injection-vulnerability?_s_id=cve

CVE-2024-49242 - Shafiq Digital Lottery allows attackers to upload a malicious web shell to a web server due to unrestricted file uploads.

Product: Shafiq Digital Lottery

Active Installations: This plugin has been closed as of October 8, 2024 and is no longer available for download. This closure is temporary, pending a full review.

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49242

NVD References: https://patchstack.com/database/vulnerability/digital-lottery/wordpress-digital-lottery-plugin-3-0-5-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-49254 - Sunjianle's ajax-extend plugin is vulnerable to improper control of code generation, allowing Code Injection via the ajax-extend feature.

Product: Sunjianle ajax-extend

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49254

NVD References: https://patchstack.com/database/vulnerability/ajax-extend/wordpress-ajax-extend-plugin-1-0-remote-code-execution-rce-vulnerability?_s_id=cve

CVE-2024-49260 - Limb WordPress Gallery Plugin – Limb Image Gallery is vulnerable to unrestricted file uploads with dangerous types, allowing for code injection.

Product: WordPress Limb Image Gallery

Active Installations: This extension has been closed as of October 2, 2024 and is no longer available for download. This closure is temporary, pending a full review.

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49260

NVD References: https://patchstack.com/database/vulnerability/limb-gallery/wordpress-limb-gallery-plugin-1-5-7-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-9893 - The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass, allowing unauthenticated attackers to log in as any existing user on the site.

Product: Nextend Social Login Pro plugin

Active Installations: 300,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9893

NVD References:

- https://nextendweb.com/social-login/

- https://wordpress.org/plugins/nextend-facebook-connect/#developers

- https://www.wordfence.com/threat-intel/vulnerabilities/id/0e4588d1-f21e-48ba-a8cb-d18c421f000a?source=cve

CVE-2024-9863 - The UserPro plugin for WordPress is vulnerable to privilege escalation due to insecure default settings allowing unauthenticated attackers to register an administrator user.

Product: UserPro WordPress

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9863

NVD References:

- https://plugins.trac.wordpress.org/browser/miniorange-firebase-sms-otp-verification/tags/3.6.0/handler/forms/class-registrationform.php#L194

- https://plugins.trac.wordpress.org/changeset/3169869/miniorange-firebase-sms-otp-verification#file4

- https://www.wordfence.com/threat-intel/vulnerabilities/id/f04eab14-dd86-4145-b5eb-20d064bc8417?source=cve

CVE-2024-9263 - The WP Timetics plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation through insecure direct object reference, allowing unauthenticated attackers to reset emails and passwords of arbitrary user accounts.

Product: WP Timetics AI-powered Appointment Booking Calendar and Online Scheduling Plugin

Active Installations: 2,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9263

NVD References:

- https://plugins.trac.wordpress.org/browser/timetics/tags/1.0.25/core/customers/customer.php#L299

- https://plugins.trac.wordpress.org/changeset/3169771/timetics/trunk/core/customers/api-customer.php

- https://plugins.trac.wordpress.org/changeset/3169771/timetics/trunk/core/customers/customer.php

- https://www.wordfence.com/threat-intel/vulnerabilities/id/74bd595b-d2fa-4c62-82d2-dba2c2b128f0?source=cve

CVE-2024-49217 - Madiri Salman Aashish Adding drop down roles in registration has an Incorrect Privilege Assignment vulnerability that allows for Privilege Escalation.

Product: Madiri Salman Aashish Adding drop down roles in registration

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49217

NVD References: https://patchstack.com/database/vulnerability/user-drop-down-roles-in-registration/wordpress-adding-drop-down-roles-in-registration-plugin-1-1-privilege-escalation-vulnerability?_s_id=cve

CVE-2024-49246 - Ajax Rating with Custom Login is vulnerable to SQL Injection from versions n/a through 1.1.

Product: anand23 Ajax Rating with Custom Login

Active Installations: This plugin has been closed as of October 8, 2024 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49246

NVD References: https://patchstack.com/database/vulnerability/ajax-rating-with-custom-login/wordpress-ajax-rating-with-custom-login-plugin-1-1-sql-injection-vulnerability?_s_id=cve

CVE-2024-49291 - Gora Tech LLC Cooked Pro is susceptible to unrestricted file uploads with dangerous types, impacting versions prior to 1.8.0.

Product: Gora Tech LLC Cooked Pro

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49291

NVD References: https://patchstack.com/database/vulnerability/cooked-pro/wordpress-cooked-pro-plugin-1-8-0-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-49305 - WPFactory Email Verification for WooCommerce is vulnerable to SQL Injection from n/a through 2.8.10.

Product: WPFactory Email Verification for WooCommerce

Active Installations: 7,000+

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49305

NVD References: https://patchstack.com/database/vulnerability/emails-verification-for-woocommerce/wordpress-customer-email-verification-for-woocommerce-plugin-2-8-10-sql-injection-vulnerability?_s_id=cve

CVE-2024-49314 - JiangQie Free Mini Program allows uploading a web shell to a web server due to unrestricted upload of files with dangerous types.

Product: JiangQie Free Mini Program

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49314

NVD References: https://patchstack.com/database/vulnerability/jiangqie-free-mini-program/wordpress-jiangqie-free-mini-program-plugin-2-5-2-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-49318 - Scott Olson My Reading Library is vulnerable to Object Injection via Deserialization of Untrusted Data from versions n/a through 1.0.

Product: Scott Olson My Reading Library

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49318

NVD References: https://patchstack.com/database/vulnerability/my-reading-library/wordpress-my-reading-library-plugin-1-0-php-object-injection-vulnerability?_s_id=cve

CVE-2024-49322 - Job Board Manager for WordPress is vulnerable to Incorrect Privilege Assignment, allowing Privilege Escalation from versions n/a through 1.0.

Product: CodePassenger Job Board Manager for WordPress

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49322

NVD References: https://patchstack.com/database/vulnerability/jemployee/wordpress-job-board-manager-for-wordpress-plugin-1-0-privilege-escalation-vulnerability?_s_id=cve

CVE-2024-49286 - Moridrin SSV Events allows PHP Local File Inclusion due to a Path Traversal vulnerability.

Product: Moridrin SSV Events

Active Installations: unknown

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49286

NVD References: https://patchstack.com/database/vulnerability/ssv-events/wordpress-ssv-events-plugin-3-2-7-local-file-inclusion-to-rce-vulnerability?_s_id=cve

CVE-2024-49328 - Vivek Tamrakar WP REST API FNS is vulnerable to an Authentication Bypass via an alternate path or channel, affecting versions from n/a through 1.0.0.

Product: Vivek Tamrakar WP REST API FNS

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49328

NVD References: https://patchstack.com/database/vulnerability/rest-api-fns/wordpress-wp-rest-api-fns-plugin-plugin-1-0-0-account-takeover-vulnerability?_s_id=cve

CVE-2024-49604 - Najeeb Ahmad's Simple User Registration allows Authentication Bypass through an alternate path, affecting versions up to 5.5.

Product: Najeeb Ahmad Simple User Registration

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49604

NVD References: https://patchstack.com/database/vulnerability/wp-registration/wordpress-simple-user-registration-plugin-5-5-account-takeover-vulnerability?_s_id=cve

CVE-2024-49611 - Paxman Product Website Showcase allows unauthorized upload of malicious files, potentially compromising the security of the web server.

Product: Paxman Product Website Showcase

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49611

NVD References: https://patchstack.com/database/vulnerability/product-websites-showcase/wordpress-product-website-showcase-plugin-1-0-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-49626 - Shipyaari Shipping Management is vulnerable to deserialization of untrusted data, allowing object injection from n/a through 1.2.

Product: Piyushmca Shipyaari Shipping Management

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49626

NVD References: https://patchstack.com/database/vulnerability/shipyaari-shipping-managment/wordpress-shipyaari-shipping-management-plugin-1-2-php-object-injection-vulnerability?_s_id=cve

CVE-2024-49324 - Sovratec Case Management allows unrestricted upload of files with dangerous types, potentially enabling attackers to upload a web shell to a web server.

Product: Sovratec Case Management

Active Installations: This plugin has been closed as of October 16, 2024 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49324

NVD References: https://patchstack.com/database/vulnerability/sovratec-case-management/wordpress-sovratec-case-management-plugin-1-0-0-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-49326 - Affiliator allows unauthorized upload of dangerous file types, which can lead to web server compromise, affecting versions from n/a through 2.1.3.

Product: Vasilis Kerasiotis Affiliator

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49326

NVD References: https://patchstack.com/database/vulnerability/affiliator-lite/wordpress-affiliator-plugin-2-1-3-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-49327 - Woostagram Connect allows the unrestricted upload of dangerous file types, potentially enabling attackers to upload web shells to web servers.

Product: Asep Bagja Priandana Woostagram Connect

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49327

NVD References: https://patchstack.com/database/vulnerability/woostagram-connect/wordpress-woostagram-connect-plugin-1-0-2-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-49329 - Vivek Tamrakar WP REST API FNS allows the unrestricted uploading of dangerous file types, enabling attackers to upload a web shell to a web server.

Product: Vivek Tamrakar WP REST API FNS

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49329

NVD References: https://patchstack.com/database/vulnerability/rest-api-fns/wordpress-wp-rest-api-fns-plugin-1-0-0-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-49330 - Nice Backgrounds in versions n/a through 1.0 allows unrestricted upload of a file with a dangerous type, potentially leading to the uploading of a web shell onto a web server.

Product: brx8r Nice Backgrounds

Active Installations: This plugin has been closed as of October 14, 2024 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49330

NVD References: https://patchstack.com/database/vulnerability/nicebackgrounds/wordpress-nice-backgrounds-plugin-1-0-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-49331 - Myriad Solutionz Property Lot Management System allows unrestricted upload of dangerous file types, leading to the potential upload of a web shell and compromising the web server.

Product: Myriad Solutionz Property Lot Management System

Active Installations: unknown

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49331

NVD References: https://patchstack.com/database/vulnerability/plms/wordpress-property-lot-management-system-plugin-4-2-38-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-49332 - Deserialization of Untrusted Data vulnerability in Giveaway Boost allows Object Injection. This issue affects Giveaway Boost: from n/a through 2.1.4.

Product: Giveaway Boost

Active Installations: This plugin has been closed as of October 14, 2024 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49332

NVD References: https://patchstack.com/database/vulnerability/giveaway-boost/wordpress-giveaway-boost-plugin-2-1-4-php-object-injection-vulnerability?_s_id=cve

CVE-2024-49607 - WP Dropbox Dropins is vulnerable to unrestricted upload of dangerous file types, allowing attackers to upload a web shell to the web server.

Product: Redwan Hilali WP Dropbox Dropins

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49607

NVD References: https://patchstack.com/database/vulnerability/wp-dropbox-dropins/wordpress-wp-dropbox-dropins-plugin-1-0-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-49610 - Photokit allows for the unrestricted upload of dangerous files, such as web shells, which poses a security risk from versions n/a through 1.0.

Product: Jack Zhu photokit

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49610

NVD References: https://patchstack.com/database/vulnerability/photokit/wordpress-photokit-plugin-1-0-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-49624 - Smartdevth Advanced Advertising System is vulnerable to object injection via deserialization of untrusted data in versions up to 1.3.1.

Product: Smartdevth Advanced Advertising System

Active Installations: This plugin has been closed as of October 14, 2024 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49624

NVD References: https://patchstack.com/database/vulnerability/advanced-advertising-system/wordpress-advanced-advertising-system-plugin-1-3-1-php-object-injection-vulnerability?_s_id=cve

CVE-2024-49625 - Brandon Clark SiteBuilder Dynamic Components has a vulnerability that allows Object Injection through the deserialization of untrusted data.

Product: Brandon Clark SiteBuilder Dynamic Components

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49625

NVD References: https://patchstack.com/database/vulnerability/sitebuilder-dynamic-components/wordpress-sitebuilder-dynamic-components-plugin-1-0-php-object-injection-vulnerability?_s_id=cve

CVE-2024-44000 - Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Authentication Bypass. This issue affects LiteSpeed Cache: from n/a before 6.5.0.1.

Product: LiteSpeed Technologies LiteSpeed Cache

Active Installations: 6 million+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44000

NVD References:

- https://patchstack.com/articles/critical-account-takeover-vulnerability-patched-in-litespeed-cache-plugin?_s_id=cve

- https://patchstack.com/database/vulnerability/litespeed-cache/wordpress-litespeed-cache-plugin-6-5-0-1-unauthenticated-account-takeover-vulnerability?_s_id=cve

The following vulnerability needs a manual review:

CVE-2024-38819: Path traversal vulnerability in functional web frameworks

https://spring.io/security/cve-2024-38819