CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVE-2024-6940 (GCVE-0-2024-6940)

Vulnerability from cvelistv5 – Published: 2024-07-21 05:31 – Updated: 2024-08-01 21:45
Title
DedeCMS article_template_rand.php code injection
Summary
A vulnerability was found in DedeCMS 5.7.114. It has been classified as critical. This affects an unknown part of the file article_template_rand.php. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271995. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc; Automatable: no; Technical Impact: partial
CISA Coordinator (v2.0.3)
Impacted products
Vendor Product Version
n/a DedeCMS Affected: 5.7.114
dedecms dedecms Affected: 5.7.114
    cpe:2.3:a:dedecms:dedecms:5.7.114:*:*:*:*:*:*:*
Credits
fushuling233 (VulDB User)

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:dedecms:dedecms:5.7.114:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "dedecms",
            "vendor": "dedecms",
            "versions": [
              {
                "status": "affected",
                "version": "5.7.114"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6940",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-29T18:20:19.945764Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-29T20:23:56.719Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:45:38.431Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-271995 | DedeCMS article_template_rand.php code injection",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.271995"
          },
          {
            "name": "VDB-271995 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.271995"
          },
          {
            "name": "Submit #372810 | DedeCMS 5.7.114 Code Injection",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.372810"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://gitee.com/fushuling/cve/blob/master/dedeCMS%20V5.7.114%20article_template_rand.php%20code%20injection.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DedeCMS",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "5.7.114"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "fushuling233 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in DedeCMS 5.7.114. It has been classified as critical. This affects an unknown part of the file article_template_rand.php. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271995. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in DedeCMS 5.7.114 ausgemacht. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei article_template_rand.php. Durch das Beeinflussen mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.8,
            "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Code Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-21T05:31:07.684Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-271995 | DedeCMS article_template_rand.php code injection",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.271995"
        },
        {
          "name": "VDB-271995 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.271995"
        },
        {
          "name": "Submit #372810 | DedeCMS 5.7.114 Code Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.372810"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gitee.com/fushuling/cve/blob/master/dedeCMS%20V5.7.114%20article_template_rand.php%20code%20injection.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-20T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-07-20T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-07-20T08:39:49.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "DedeCMS article_template_rand.php code injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-6940",
    "datePublished": "2024-07-21T05:31:07.684Z",
    "dateReserved": "2024-07-20T06:34:38.892Z",
    "dateUpdated": "2024-08-01T21:45:38.431Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6946 (GCVE-0-2024-6946)

Vulnerability from cvelistv5 – Published: 2024-07-21 08:31 – Updated: 2024-08-01 21:45
Title
Flute CMS list code injection
Summary
A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been declared as critical. This vulnerability affects unknown code of the file /admin/pages/list. The manipulation of the argument blocks leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272068.
SSVC
Exploitation: poc; Automatable: no; Technical Impact: partial
CISA Coordinator (v2.0.3)
References
URL Tags
https://vuldb.com/?id.272068 vdb-entry, technical-description
https://vuldb.com/?ctiid.272068 signature, permissions-required
https://vuldb.com/?submit.375214 third-party-advisory
https://github.com/DeepMountains/Mirage/blob/main… exploit
Impacted products
Vendor Product Version
Flute CMS Affected: 0.2.2.4-alpha
flute cms Affected: 0.2.2.4-alpha
    cpe:2.3:a:flute:cms:0.2.2.4-alpha:*:*:*:*:*:*:*
Credits
Dee.Mirage (VulDB User)

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:flute:cms:0.2.2.4-alpha:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cms",
            "vendor": "flute",
            "versions": [
              {
                "status": "affected",
                "version": "0.2.2.4-alpha"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6946",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-29T18:58:35.309010Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-29T18:59:32.592Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:45:38.345Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-272068 | Flute CMS list code injection",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.272068"
          },
          {
            "name": "VDB-272068 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.272068"
          },
          {
            "name": "Submit #375214 | flute-cms.com Web-based CMS for server games written on PHP v0.2.2.4-alpha Remote Code Execute (RCE)",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.375214"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/DeepMountains/Mirage/blob/main/CVE5-2.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CMS",
          "vendor": "Flute",
          "versions": [
            {
              "status": "affected",
              "version": "0.2.2.4-alpha"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Dee.Mirage (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been declared as critical. This vulnerability affects unknown code of the file /admin/pages/list. The manipulation of the argument blocks leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272068."
        },
        {
          "lang": "de",
          "value": "In Flute CMS 0.2.2.4-alpha wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /admin/pages/list. Mittels dem Manipulieren des Arguments blocks mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.8,
            "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Code Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-21T08:31:03.888Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-272068 | Flute CMS list code injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.272068"
        },
        {
          "name": "VDB-272068 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.272068"
        },
        {
          "name": "Submit #375214 | flute-cms.com Web-based CMS for server games written on PHP v0.2.2.4-alpha Remote Code Execute (RCE)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.375214"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/DeepMountains/Mirage/blob/main/CVE5-2.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-20T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-07-20T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-07-20T12:11:24.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Flute CMS list code injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-6946",
    "datePublished": "2024-07-21T08:31:03.888Z",
    "dateReserved": "2024-07-20T10:06:09.962Z",
    "dateUpdated": "2024-08-01T21:45:38.345Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6947 (GCVE-0-2024-6947)

Vulnerability from cvelistv5 – Published: 2024-07-21 09:00 – Updated: 2024-08-01 21:45
Title
Flute CMS Notification ContentParser.php replaceContent code injection
Summary
A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been rated as critical. This issue affects the function replaceContent of the file app/Core/Support/ContentParser.php of the component Notification Handler. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272069 was assigned to this vulnerability.
SSVC
Exploitation: poc; Automatable: no; Technical Impact: partial
CISA Coordinator (v2.0.3)
References
URL Tags
https://vuldb.com/?id.272069 vdb-entry, technical-description
https://vuldb.com/?ctiid.272069 signature, permissions-required
https://vuldb.com/?submit.376785 third-party-advisory
https://github.com/DeepMountains/Mirage/blob/main… exploit
Impacted products
Vendor Product Version
Flute CMS Affected: 0.2.2.4-alpha
flute cms Affected: 0.2.2.4-alpha
    cpe:2.3:a:flute:cms:0.2.2.4-alpha:*:*:*:*:*:*:*
Credits
Dee.Mirage (VulDB User)

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:flute:cms:0.2.2.4-alpha:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cms",
            "vendor": "flute",
            "versions": [
              {
                "status": "affected",
                "version": "0.2.2.4-alpha"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6947",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-23T14:59:06.857639Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-23T15:00:10.310Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:45:38.384Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-272069 | Flute CMS Notification ContentParser.php replaceContent code injection",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.272069"
          },
          {
            "name": "VDB-272069 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.272069"
          },
          {
            "name": "Submit #376785 | flute-cms.com Web-based CMS for server games written on PHP v0.2.2.4-alpha SSTi",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.376785"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/DeepMountains/Mirage/blob/main/CVE5-3.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Notification Handler"
          ],
          "product": "CMS",
          "vendor": "Flute",
          "versions": [
            {
              "status": "affected",
              "version": "0.2.2.4-alpha"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Dee.Mirage (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been rated as critical. This issue affects the function replaceContent of the file app/Core/Support/ContentParser.php of the component Notification Handler. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272069 was assigned to this vulnerability."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in Flute CMS 0.2.2.4-alpha ausgemacht. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion replaceContent der Datei app/Core/Support/ContentParser.php der Komponente Notification Handler. Mittels Manipulieren mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.8,
            "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Code Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-21T09:00:07.017Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-272069 | Flute CMS Notification ContentParser.php replaceContent code injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.272069"
        },
        {
          "name": "VDB-272069 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.272069"
        },
        {
          "name": "Submit #376785 | flute-cms.com Web-based CMS for server games written on PHP v0.2.2.4-alpha SSTi",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.376785"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/DeepMountains/Mirage/blob/main/CVE5-3.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-20T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-07-20T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-07-20T12:11:26.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Flute CMS Notification ContentParser.php replaceContent code injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-6947",
    "datePublished": "2024-07-21T09:00:07.017Z",
    "dateReserved": "2024-07-20T10:06:14.538Z",
    "dateUpdated": "2024-08-01T21:45:38.384Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6950 (GCVE-0-2024-6950)

Vulnerability from cvelistv5 – Published: 2024-07-21 10:31 – Updated: 2024-08-01 21:45
Title
Prain HTTP POST Request ?import code injection
Summary
A vulnerability, which was classified as critical, has been found in Prain up to 1.3.0. Affected by this issue is some unknown functionality of the file /?import of the component HTTP POST Request Handler. The manipulation of the argument file leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272072.
SSVC
Exploitation: none; Automatable: no; Technical Impact: partial
CISA Coordinator (v2.0.3)
References
URL Tags
https://vuldb.com/?id.272072 vdb-entry, technical-description
https://vuldb.com/?ctiid.272072 signature, permissions-required
https://vuldb.com/?submit.375244 third-party-advisory
https://gist.github.com/J1rrY-learn/c5818d700476c… broken-link, exploit
Impacted products
Vendor Product Version
n/a Prain Affected: 1.0
Affected: 1.1
Affected: 1.2
Affected: 1.3
Credits
J1rrY (VulDB User)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6950",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-22T11:48:32.954041Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-22T11:48:54.472Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:45:38.358Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-272072 | Prain HTTP POST Request ?import code injection",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.272072"
          },
          {
            "name": "VDB-272072 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.272072"
          },
          {
            "name": "Submit #375244 | https://prain.cn/ Prain Open source PHP light blog program \u003c=1.3.0 arbitrary file writes",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.375244"
          },
          {
            "tags": [
              "broken-link",
              "exploit",
              "x_transferred"
            ],
            "url": "https://gist.github.com/J1rrY-learn/c5818d700476c4debcf8a334a5c9c243"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "HTTP POST Request Handler"
          ],
          "product": "Prain",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "1.1"
            },
            {
              "status": "affected",
              "version": "1.2"
            },
            {
              "status": "affected",
              "version": "1.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "J1rrY (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as critical, has been found in Prain up to 1.3.0. Affected by this issue is some unknown functionality of the file /?import of the component HTTP POST Request Handler. The manipulation of the argument file leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272072."
        },
        {
          "lang": "de",
          "value": "Eine kritische Schwachstelle wurde in Prain bis 1.3.0 entdeckt. Dies betrifft einen unbekannten Teil der Datei /?import der Komponente HTTP POST Request Handler. Durch das Beeinflussen des Arguments file mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Code Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-21T10:31:03.629Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-272072 | Prain HTTP POST Request ?import code injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.272072"
        },
        {
          "name": "VDB-272072 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.272072"
        },
        {
          "name": "Submit #375244 | https://prain.cn/ Prain Open source PHP light blog program \u003c=1.3.0 arbitrary file writes",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.375244"
        },
        {
          "tags": [
            "broken-link",
            "exploit"
          ],
          "url": "https://gist.github.com/J1rrY-learn/c5818d700476c4debcf8a334a5c9c243"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-20T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-07-20T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-07-20T12:26:07.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Prain HTTP POST Request ?import code injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-6950",
    "datePublished": "2024-07-21T10:31:03.629Z",
    "dateReserved": "2024-07-20T10:20:15.432Z",
    "dateUpdated": "2024-08-01T21:45:38.358Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6982 (GCVE-0-2024-6982)

Vulnerability from cvelistv5 – Published: 2025-03-20 10:10 – Updated: 2025-03-20 18:20
VLAI
Title
Remote Code Execution in Calculate Function in parisneo/lollms
Summary
A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's `eval()` function to evaluate mathematical expressions within a Python sandbox that disables `__builtins__` and only allows functions from the `math` module. This sandbox can be bypassed by loading the `os` module using the `_frozen_importlib.BuiltinImporter` class, allowing an attacker to execute arbitrary commands on the server. The issue is fixed in version 9.10.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-94 - Improper Control of Generation of Code
Assigner
Impacted products
Vendor Product Version
parisneo parisneo/lollms Affected: unspecified , < 9.10 (custom)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6982",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-20T17:49:52.721851Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-20T18:20:14.175Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "parisneo/lollms",
          "vendor": "parisneo",
          "versions": [
            {
              "lessThan": "9.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python\u0027s `eval()` function to evaluate mathematical expressions within a Python sandbox that disables `__builtins__` and only allows functions from the `math` module. This sandbox can be bypassed by loading the `os` module using the `_frozen_importlib.BuiltinImporter` class, allowing an attacker to execute arbitrary commands on the server. The issue is fixed in version 9.10."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-20T10:10:31.983Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/4f8e73ac-aaaf-4d5c-a6dd-58215b5a7fea"
        },
        {
          "url": "https://github.com/parisneo/lollms/commit/30e7eaba2ccfb751a81e7cb29fdef2ae8ffa6832"
        }
      ],
      "source": {
        "advisory": "4f8e73ac-aaaf-4d5c-a6dd-58215b5a7fea",
        "discovery": "EXTERNAL"
      },
      "title": "Remote Code Execution in Calculate Function in parisneo/lollms"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-6982",
    "datePublished": "2025-03-20T10:10:31.983Z",
    "dateReserved": "2024-07-22T19:06:06.816Z",
    "dateUpdated": "2025-03-20T18:20:14.175Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6983 (GCVE-0-2024-6983)

Vulnerability from cvelistv5 – Published: 2024-09-27 15:43 – Updated: 2024-09-27 17:48
VLAI
Title
Remote Code Execution in mudler/localai
Summary
mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not only from the configuration file but also from other inputs, allowing an attacker to upload a binary file and execute malicious code. This can lead to the attacker gaining full control over the system.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-94 - Improper Control of Generation of Code
Assigner
Impacted products
Vendor Product Version
mudler mudler/localai Affected: unspecified , < 2.19.4 (custom)
mudler localai Affected: 0 , < 2.19.4 (custom)
    cpe:2.3:a:mudler:localai:*:*:*:*:*:*:*:*

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mudler:localai:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "localai",
            "vendor": "mudler",
            "versions": [
              {
                "lessThan": "2.19.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6983",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-27T17:45:05.270708Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-27T17:48:42.450Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mudler/localai",
          "vendor": "mudler",
          "versions": [
            {
              "lessThan": "2.19.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not only from the configuration file but also from other inputs, allowing an attacker to upload a binary file and execute malicious code. This can lead to the attacker gaining full control over the system."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-27T15:43:51.011Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/f91fb287-412e-4c89-87df-9e4b6e609647"
        },
        {
          "url": "https://github.com/mudler/localai/commit/d02a0f6f01d5c4a926a2d67190cb55d7aca23b66"
        }
      ],
      "source": {
        "advisory": "f91fb287-412e-4c89-87df-9e4b6e609647",
        "discovery": "EXTERNAL"
      },
      "title": "Remote Code Execution in mudler/localai"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-6983",
    "datePublished": "2024-09-27T15:43:51.011Z",
    "dateReserved": "2024-07-22T21:20:58.493Z",
    "dateUpdated": "2024-09-27T17:48:42.450Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7093 (GCVE-0-2024-7093)

Vulnerability from cvelistv5 – Published: 2024-08-01 21:07 – Updated: 2024-08-02 16:04
VLAI
Title
Server-Side Template Injection in Dispatch Message Templates
Summary
Dispatch's notification service uses Jinja templates to generate messages to users. Jinja permits code execution within blocks, which were neither properly sanitized nor sandboxed. This vulnerability enables users to construct command line scripts in their custom message templates, which are then executed whenever these notifications are rendered and sent out.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
Impacted products
Vendor Product Version
Netflix Dispatch Affected: 0 , < v20240731 (git)
netflix dispatch Affected: 0 , < 20240731 (git)
    cpe:2.3:a:netflix:dispatch:*:*:*:*:*:*:*:*

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:netflix:dispatch:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "dispatch",
            "vendor": "netflix",
            "versions": [
              {
                "lessThan": "20240731",
                "status": "affected",
                "version": "0",
                "versionType": "git"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7093",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-02T16:04:33.810735Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:04:37.541Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Dispatch",
          "repo": "https://github.com/Netflix/dispatch",
          "vendor": "Netflix",
          "versions": [
            {
              "lessThan": "v20240731",
              "status": "affected",
              "version": "0",
              "versionType": "git"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dispatch\u0027s notification service uses Jinja templates to generate messages to users. Jinja permits code execution within blocks, which were neither properly sanitized nor sandboxed. This vulnerability enables users to construct command line scripts in their custom message templates, which are then executed whenever these notifications are rendered and sent out."
            }
          ],
          "value": "Dispatch\u0027s notification service uses Jinja templates to generate messages to users. Jinja permits code execution within blocks, which were neither properly sanitized nor sandboxed. This vulnerability enables users to construct command line scripts in their custom message templates, which are then executed whenever these notifications are rendered and sent out."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-248",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-248 Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-01T21:07:35.787Z",
        "orgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
        "shortName": "netflix"
      },
      "references": [
        {
          "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2024-003.md"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Server-Side Template Injection in Dispatch Message Templates",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ea63fd80-a441-4c7b-ba78-e48a8071cae2",
    "assignerShortName": "netflix",
    "cveId": "CVE-2024-7093",
    "datePublished": "2024-08-01T21:07:35.787Z",
    "dateReserved": "2024-07-24T21:43:55.252Z",
    "dateUpdated": "2024-08-02T16:04:37.541Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7094 (GCVE-0-2024-7094)

Vulnerability from cvelistv5 – Published: 2024-08-13 02:31 – Updated: 2026-04-08 16:45
VLAI
Title
JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.6 - Unauthenticated PHP Code Injection to Remote Code Execution
Summary
The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the 'storeTheme' function. This is due to a lack of sanitization on user-supplied values, which replace values in the style.php file, along with missing capability checks. This makes it possible for unauthenticated attackers to execute code on the server. This issue was partially patched in 2.8.6 when the code injection issue was resolved, and fully patched in 2.8.7 when the missing authorization and cross-site request forgery protection was added. CVE-2024-43274 is likely a duplicate of this issue.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
Impacted products
Vendor Product Version
rabilal JS Help Desk – AI-Powered Support & Ticketing System Affected: 0 , ≤ 2.8.6 (semver)
wiselyhub js_help_desk Affected: 0 , ≤ 2.8.6 (semver)
    cpe:2.3:a:wiselyhub:js_help_desk:*:*:*:*:*:*:*:*
Credits
Connor Billings

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:wiselyhub:js_help_desk:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "js_help_desk",
            "vendor": "wiselyhub",
            "versions": [
              {
                "lessThanOrEqual": "2.8.6",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7094",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-13T14:49:06.948729Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-13T14:51:27.755Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "JS Help Desk \u2013 AI-Powered Support \u0026 Ticketing System",
          "vendor": "rabilal",
          "versions": [
            {
              "lessThanOrEqual": "2.8.6",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Connor Billings"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The JS Help Desk \u2013 The Ultimate Help Desk \u0026 Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the \u0027storeTheme\u0027 function. This is due to a lack of sanitization on user-supplied values, which replace values in the style.php file, along with missing capability checks. This makes it possible for unauthenticated attackers to execute code on the server. This issue was partially patched in 2.8.6 when the code injection issue was resolved, and fully patched in 2.8.7 when the missing authorization and cross-site request forgery protection was added. CVE-2024-43274 is likely a duplicate of this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T16:45:07.909Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/31513f9e-6185-425b-9e7e-36f21f72d0a2?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.5/includes/formhandler.php"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.5/modules/themes/tpls/admin_themes.php"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.5/modules/themes/controller.php"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.5/modules/themes/model.php"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/js-support-ticket/tags/2.8.5/includes/css/style.php"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-12T14:17:56.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "JS Help Desk \u2013 The Ultimate Help Desk \u0026 Support Plugin \u003c= 2.8.6 - Unauthenticated PHP Code Injection to Remote Code Execution"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-7094",
    "datePublished": "2024-08-13T02:31:39.099Z",
    "dateReserved": "2024-07-24T21:58:26.836Z",
    "dateUpdated": "2026-04-08T16:45:07.909Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-7104 (GCVE-0-2024-7104)

Vulnerability from cvelistv5 – Published: 2024-09-16 14:52 – Updated: 2026-06-03 11:39
VLAI
Title
Remote Code Execution in SFS Consulting's ww.Winsure
Summary
Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection. This issue affects ww.Winsure: before 4.6.2.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
Vendor Product Version
SFS Consulting ww.Winsure Affected: 0 , < 4.6.2 (custom)
sfs_consulting wwwinsure Affected: 0 , < 4.6.2 (custom)
    cpe:2.3:a:sfs_consulting:wwwinsure:*:*:*:*:*:*:*:*
Credits
Salih ÖZEK Secure Future Inc.

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:sfs_consulting:wwwinsure:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wwwinsure",
            "vendor": "sfs_consulting",
            "versions": [
              {
                "lessThan": "4.6.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7104",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-16T15:28:17.324008Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-16T15:34:22.985Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ww.Winsure",
          "vendor": "SFS Consulting",
          "versions": [
            {
              "lessThan": "4.6.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Salih \u00d6ZEK"
        },
        {
          "lang": "en",
          "type": "sponsor",
          "value": "Secure Future Inc."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in SFS Consulting ww.Winsure allows Code Injection.\u003cp\u003eThis issue affects ww.Winsure: before 4.6.2.\u003c/p\u003e"
            }
          ],
          "value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in SFS Consulting ww.Winsure allows Code Injection.\n\nThis issue affects ww.Winsure: before 4.6.2."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-242",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-242 Code Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.2,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-03T11:39:15.008Z",
        "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "shortName": "TR-CERT"
      },
      "references": [
        {
          "tags": [
            "government-resource",
            "broken-link"
          ],
          "url": "https://www.usom.gov.tr/bildirim/tr-24-1475"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1475"
        }
      ],
      "source": {
        "advisory": "TR-24-1475",
        "defect": [
          "TR-24-1475"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Remote Code Execution in SFS Consulting\u0027s ww.Winsure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
    "assignerShortName": "TR-CERT",
    "cveId": "CVE-2024-7104",
    "datePublished": "2024-09-16T14:52:57.400Z",
    "dateReserved": "2024-07-25T11:53:17.734Z",
    "dateUpdated": "2026-06-03T11:39:15.008Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-7218 (GCVE-0-2024-7218)

Vulnerability from cvelistv5 – Published: 2024-07-30 05:00 – Updated: 2025-09-01 09:59 X_Freeware
VLAI
Title
SourceCodester/Campcodes School Log Management System ajax.php cross site scripting
Summary
A flaw has been found in SourceCodester/Campcodes School Log Management System 1.0. Affected is an unknown function of the file /admin/ajax.php?action=save_student. Executing manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and may be used.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
References
URL | Tags
https://vuldb.com/?id.272789 | vdb-entry, technical-description
https://vuldb.com/?ctiid.272789 | signature, permissions-required
https://vuldb.com/?submit.380425 | third-party-advisory
https://gist.github.com/topsky979/86480890cc621c2… | exploit

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:sourcecodester:school_log_management_system:1.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "school_log_management_system",
            "vendor": "sourcecodester",
            "versions": [
              {
                "status": "affected",
                "version": "1.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7218",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-30T14:29:43.472511Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-30T14:30:30.264Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:52:30.817Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-272789 | SourceCodester School Log Management System cross site scripting",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.272789"
          },
          {
            "name": "VDB-272789 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.272789"
          },
          {
            "name": "Submit #380425 | SourceCodester School Log Management System 1.0 Cross Site Scripting",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.380425"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://gist.github.com/topsky979/86480890cc621c240c86e95a3de9ecc4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "School Log Management System",
          "vendor": "SourceCodester",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            }
          ]
        },
        {
          "product": "School Log Management System",
          "vendor": "Campcodes",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw has been found in SourceCodester/Campcodes School Log Management System 1.0. Affected is an unknown function of the file /admin/ajax.php?action=save_student. Executing manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and may be used."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in SourceCodester/Campcodes School Log Management System 1.0 entdeckt. Betroffen davon ist eine unbekannte Funktion der Datei /admin/ajax.php?action=save_student. Die Bearbeitung des Arguments Name verursacht cross site scripting. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross Site Scripting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "Code Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-01T09:59:14.078Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-272789 | SourceCodester/Campcodes School Log Management System ajax.php cross site scripting",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.272789"
        },
        {
          "name": "VDB-272789 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.272789"
        },
        {
          "name": "Submit #380425 | SourceCodester School Log Management System 1.0 Cross Site Scripting",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.380425"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gist.github.com/topsky979/86480890cc621c240c86e95a3de9ecc4"
        }
      ],
      "tags": [
        "x_freeware"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-29T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-07-29T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-09-01T12:03:58.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "SourceCodester/Campcodes School Log Management System ajax.php cross site scripting"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-7218",
    "datePublished": "2024-07-30T05:00:07.128Z",
    "dateReserved": "2024-07-29T18:21:39.352Z",
    "dateUpdated": "2025-09-01T09:59:14.078Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation

Phase: Architecture and Design

Strategy: Refactoring

Description:

  • Refactor your program so that you do not have to dynamically generate code.

Mitigation

Phase: Architecture and Design

Description:

  • Run your code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which code can be executed by your product.
  • Examples include the Unix chroot jail and AppArmor. In general, managed code may provide some protection.
  • This may not be a feasible solution, and it only limits the impact to the operating system; the rest of your application may still be subject to compromise.
  • Be careful to avoid CWE-243 and other weaknesses related to jails.

Mitigation ID: MIT-5

Phase: Implementation

Strategy: Input Validation

Description:

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • To reduce the likelihood of code injection, use stringent allowlists that limit which constructs are allowed. If you are dynamically constructing code that invokes a function, then verifying that the input is alphanumeric might be insufficient. An attacker might still be able to reference a dangerous function that you did not intend to allow, such as system(), exec(), or exit().
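The last point above, shown as an added example (not part of the CWE entry): a character-class check lets names such as exit through, while an allowlist used as a lookup table removes code generation altogether. The operation names and the helpers `weak_check`, `call_generated` and `call_allowlisted` are assumptions made for illustration.

```python
import math

# Hypothetical operations the application means to expose (names are assumed).
ALLOWED_OPS = {"sqrt": math.sqrt, "floor": math.floor, "abs": abs}


def weak_check(name):
    """Character-class validation only: any alphanumeric identifier passes."""
    return isinstance(name, str) and name.isalnum()


def call_generated(name, arg):
    """'Before' form: validates characters, then builds and evaluates source text."""
    if not weak_check(name):
        raise ValueError("rejected")
    # Every builtin with an alphanumeric name is still reachable from here.
    return eval(f"{name}({arg!r})")


def call_allowlisted(name, arg):
    """Hardened form: no code is generated; the name is only a dictionary key."""
    if isinstance(arg, bool) or not isinstance(arg, (int, float)):
        raise TypeError("argument must be a number")
    func = ALLOWED_OPS.get(name) if isinstance(name, str) else None
    if func is None:
        raise ValueError(f"operation not allowed: {name!r}")
    return func(arg)
```

The hardened form also applies the "Refactoring" mitigation: the input selects among existing functions and never becomes source text.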

Mitigation

Phase: Testing

Description:

  • Use dynamic tools and techniques that interact with the product using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The product's operation may slow down, but it should not become unstable, crash, or generate incorrect results.

Mitigation ID: MIT-32

Phase: Operation

Strategy: Compilation or Build Hardening

Description:

  • Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl's "-T" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).

Mitigation ID: MIT-32

Phase: Operation

Strategy: Environment Hardening

Description:

  • Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl's "-T" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).

Mitigation

Phase: Implementation

Description:

  • For Python programs, it is frequently encouraged to use the ast.literal_eval() function instead of eval(), since it is intentionally designed to avoid executing code. However, an adversary could still cause excessive memory or stack consumption via deeply nested structures [REF-1372], so the Python documentation discourages use of ast.literal_eval() on untrusted data [REF-1373].
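One way to narrow what reaches ast.literal_eval(), as an added example that is not part of the CWE entry: bound the input length and bracket nesting before parsing, and map every parser failure to one error. `MAX_LEN`, `MAX_DEPTH` and the helper names are assumptions; size the limits to the largest legitimate input.

```python
import ast

MAX_LEN = 4096   # assumed limit on input size, in characters
MAX_DEPTH = 20   # assumed limit on nesting of (), [] and {}


def nesting_depth(text):
    """Upper bound on bracket nesting. Brackets inside string literals are
    counted as well, so the estimate errs on the side of rejecting."""
    depth = deepest = 0
    for ch in text:
        if ch in "([{":
            depth += 1
            deepest = max(deepest, depth)
        elif ch in ")]}":
            depth = max(depth - 1, 0)
    return deepest


def parse_literal(text):
    """Parse a Python literal from untrusted text without executing code."""
    if not isinstance(text, str):
        raise TypeError("input must be a string")
    if len(text) > MAX_LEN:
        raise ValueError("input too long")
    if nesting_depth(text) > MAX_DEPTH:
        raise ValueError("input nested too deeply")
    try:
        return ast.literal_eval(text)
    except (ValueError, TypeError, SyntaxError,
            RecursionError, MemoryError) as exc:
        # Calls, names and attribute access arrive here as ValueError.
        raise ValueError("not a plain Python literal") from exc
```

The bracket check covers container nesting only; the length limit is what bounds other forms of nesting, such as long chains of unary operators.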

CAPEC-242: Code Injection

An adversary exploits a weakness in input validation on the target to inject new code into that which is currently executing. This differs from code inclusion in that code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.

CAPEC-35: Leverage Executable Code in Non-Executable Files

An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file), the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated, mashing up resources from local and remote sources, the possibility of this attack occurring is high.

CAPEC-77: Manipulating User-Controlled Variables

This attack targets user-controlled variables (DEBUG=1, PHP globals, and so forth). An adversary can override variables by leveraging user-supplied, untrusted query variables that are used directly on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.
