CVE Catalog
Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.
Wangl1989 MySiteForMe Unrestricted File Upload Vulnerability in LocalUploadServiceImpl
A critical vulnerability allowing arbitrary file upload has been identified in Wangl1989 MySiteForMe version 1.0. The issue resides in the LocalUploadServiceImpl file, where the upload function fails to properly validate file types. This flaw enables remote attackers to upload malicious JSP or HTML files, potentially leading to the execution of harmful scripts on the server.
Wangl1989 MySiteForMe Cross-Site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in Wangl1989 MySiteForMe version 1.0. The issue arises in the RestResponse function of the SiteController file, where incoming data is not properly sanitized, allowing for the injection of malicious scripts. This vulnerability can be exploited remotely.
Wangl1989 MySiteForMe Remote Command Execution Vulnerability
A critical vulnerability allowing remote command execution has been identified in Wangl1989 MySiteForMe version 1.0. The issue arises in the 'rememberMeManager' function within 'src/main/java/com/mysiteforme/admin/config/ShiroConfig.java', where improper handling of data leads to deserialization vulnerabilities.
Emlog Pro Cross-Site Scripting Vulnerability in Twitter Subpage Handler
A reflected cross-site scripting vulnerability has been identified in Emlog Pro version 2.4.3. The issue resides in the admin/twitter.php file, within the Subpage Handler component. This vulnerability allows remote attackers to inject malicious JavaScript into the URL, which is then executed in the context of the user's browser.
ZeroWdd Studentmanager Unrestricted File Upload Vulnerability in TeacherController
A critical vulnerability allowing unrestricted file uploads has been identified in ZeroWdd Studentmanager version 1.0. The issue resides in the TeacherController, specifically within the addTeacher and editTeacher functions. This vulnerability allows the upload of files with dangerous extensions, such as JSP and HTML, which can be processed by the application. Although the uploaded files are initially inaccessible and require a system restart to be accessed, this flaw could still be exploited remotely.
Trimble SPS851 Receiver Status Identity Tab Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability has been identified in the Trimble SPS851 receiver, specifically in version 488.01. The issue arises within the Receiver Status Identity Tab, where the 'System Name' argument can be manipulated to execute malicious scripts. This vulnerability can be exploited remotely.
ZeroWdd Studentmanager Unrestricted File Upload Vulnerability
A critical vulnerability allowing unrestricted file uploads has been identified in ZeroWdd Studentmanager version 1.0. This issue arises in the StudentController and TeacherController files, where the addStudent, editStudent, addTeacher, and editTeacher methods fail to properly restrict file extensions and content. As a result, malicious JSP and HTML files can be uploaded. However, uploaded JSP files cannot be accessed until the application is restarted.
Emlog Pro Cross-Site Scripting Vulnerability in Article Management Component
A reflected cross-site scripting vulnerability has been identified in Emlog Pro versions through 2.4.3. The issue resides in the admin/article.php file within the Subpage Handler component. This vulnerability allows remote attackers to inject malicious scripts that are executed in the context of the user's browser.
Dahua IPC Cameras Path Traversal Vulnerability in Web Interface
A critical path traversal vulnerability has been identified in several Dahua IPC camera models, including the IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z, and IPC-HDW1200S, all versions prior to 20241222. This vulnerability allows remote attackers to bypass directory restrictions and access sensitive files, such as ../mtd/Config/Sha1Account1, which contains hashed credentials and other configuration data. The issue arises from the web interface's improper handling of file paths, enabling exploitation by manipulating input to traverse directories and access restricted files.
TMD Custom Header Menu OpenCart Module SQL Injection Vulnerability
A SQL injection vulnerability has been identified in the TMD Custom Header Menu OpenCart module, version 4.0.0.1. This vulnerability exists in the admin index.php file, where the headermenu_id parameter is improperly processed, allowing authenticated attackers to manipulate SQL queries. Exploitation of this vulnerability could lead to unauthorized access to database contents, including admin session details, Personally Identifiable Information (PII), and payment information. The vulnerability requires a valid session cookie and user_token for exploitation.
CampCodes Project Management System Unrestricted File Upload Vulnerability Allowing Remote Code Execution
A critical vulnerability exists in CampCodes Project Management System version 1.0, specifically within the file '/forms/update_forms.php?action=change_pic2&id=4'. This vulnerability allows for unrestricted file uploads by manipulating the 'file' argument, enabling the upload of malicious PHP scripts. The issue can be exploited remotely, leading to arbitrary code execution on the server.
Campcodes Student Grading System SQL Injection Vulnerability
A critical SQL injection vulnerability has been identified in Campcodes Student Grading System version 1.0. The issue resides in the 'view_students.php' file, where the 'id' parameter is improperly sanitized, allowing remote attackers to manipulate SQL queries and potentially access or modify database information.
Campcodes School Faculty Scheduling System File Inclusion Vulnerability
A critical file inclusion vulnerability has been identified in Campcodes School Faculty Scheduling System version 1.0. The issue arises in the admin index.php file, where the page argument can be manipulated to include files. This vulnerability can be exploited remotely.
IBM Engineering Lifecycle Optimization - Publishing Unhandled SSL Exception Vulnerability
A vulnerability exists in IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3, allowing remote attackers to trigger an unhandled SSL exception. This could result in the connection being left in an unexpected or insecure state.
IBM Engineering Lifecycle Optimization - Publishing SQL Injection Vulnerability
A SQL injection vulnerability has been identified in IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3. This vulnerability allows remote attackers to send specially crafted SQL statements that could be used to view, add, modify, or delete information in the back-end database.
IBM Engineering Lifecycle Optimization - Publishing Denial-of-Service Vulnerability via Complex Regular Expressions
A denial-of-service vulnerability has been identified in IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3. This issue allows remote attackers to disrupt service by exploiting inefficient regular expression processing, which can lead to catastrophic backtracking and event loop blocking in server-side environments like Node.js.
IBM Engineering Lifecycle Optimization - Publishing Directory Traversal Vulnerability
A directory traversal vulnerability has been identified in IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3. This vulnerability could allow a remote attacker to traverse directories on the system by sending a specially crafted URL request that includes 'dot dot' sequences. Exploitation of this vulnerability could enable the attacker to view arbitrary files on the system.
IBM Engineering Lifecycle Optimization - Publishing Cryptographic Weakness Allowing Decryption of Sensitive Information
A vulnerability exists in IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3, where weaker than expected cryptographic algorithms could enable an attacker to decrypt highly sensitive information.
Campcodes School Faculty Scheduling System SQL Injection Vulnerability
A critical SQL injection vulnerability has been identified in Campcodes School Faculty Scheduling System version 1.0. The issue arises in the file /admin/ajax.php, specifically within the login action. The vulnerability allows for remote exploitation by manipulating the username parameter, which is not properly sanitized before being used in a database query. This flaw could be exploited to execute arbitrary SQL commands, potentially leading to unauthorized data access or manipulation.
UpdraftPlus WordPress Plugin PHP Object Injection Vulnerability
A PHP Object Injection vulnerability has been identified in the UpdraftPlus: WP Backup & Migration Plugin for WordPress, affecting versions starting with 1.23.8 and prior to 1.24.11. The vulnerability arises from the deserialization of untrusted input in the 'recursive_unserialized_replace' function, allowing unauthenticated attackers to inject PHP objects. While the vulnerable plugin itself does not have a known Property-Oriented Programming (POP) chain, the vulnerability could be exploited if another plugin or theme with a POP chain is installed on the same site. In such cases, the attacker might be able to delete arbitrary files, access sensitive data, or execute code, depending on the specific POP chain available. To trigger the exploit, an administrator must perform a search and replace action.
Code-Projects Online Shoe Store SQL Injection Vulnerability in summary.php
A critical SQL injection vulnerability has been identified in Code-Projects Online Shoe Store version 1.0. The issue resides in the summary.php file, where the tid parameter is manipulated, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, potentially leading to unauthorized access to the application's database or even remote code execution.
Code-Projects Online Shoe Store SQL Injection Vulnerability
A critical SQL injection vulnerability has been identified in Code-Projects Online Shoe Store version 1.0. The issue resides in the file '/function/login.php', where user-supplied email and password parameters are directly inserted into an SQL query without proper validation or sanitization. This vulnerability can be exploited remotely, potentially leading to unauthorized access to the application's database or even remote code execution.
Code-Projects Online Shoe Store Improper Access Control Vulnerability
A critical vulnerability has been identified in Code-Projects Online Shoe Store version 1.0, specifically within the file '/admin/index.php'. This vulnerability arises from broken access controls, allowing any user, including those unauthenticated, to gain administrative privileges and access the admin panel. The issue can be exploited remotely without any authentication.
WP Multi Store Locator Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the WP Multi Store Locator plugin for WordPress, affecting all versions through 2.4.1. The issue arises from inadequate input sanitization and output escaping, allowing authenticated attackers with Contributor-level access or higher to inject arbitrary scripts into pages. These scripts are executed when a user accesses the compromised page.
WP Social AutoConnect WordPress Plugin Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the WP Social AutoConnect plugin for WordPress, affecting all versions through 4.6.2. The vulnerability arises from inadequate nonce validation, allowing unauthenticated attackers to inject malicious scripts via a forged request, provided they can persuade a site administrator to click a link or perform a similar action.
WP Project Manager SQL Injection Vulnerability
A SQL injection vulnerability has been identified in the WP Project Manager plugin for WordPress, specifically in versions up to and including 2.6.16. The vulnerability arises in the '/wp-json/pm/v2/projects/2/task-lists' REST API endpoint, where the 'project_id' parameter is insufficiently sanitized. This flaw allows authenticated attackers with project access to inject additional SQL queries into the existing query, potentially leading to the extraction of sensitive database information.
Turnkey bbPress by WeaverTheme Reflected Cross-Site Scripting Vulnerability
A reflected cross-site scripting vulnerability has been identified in the Turnkey bbPress by WeaverTheme plugin for WordPress, affecting all versions through 1.6.3. The vulnerability arises from inadequate input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts via the '_wpnonce' parameter. These injected scripts could be executed if a user is tricked into clicking a link or performing a similar action.
Code-Projects Online Shoe Store SQL Injection Vulnerability
A critical SQL injection vulnerability has been identified in Code-Projects Online Shoe Store version 1.0. The issue arises in the file '/details2.php', where the 'id' parameter is manipulated, allowing for unauthorized database access. This vulnerability can be exploited remotely, and the public disclosure of the exploit suggests it may be actively used.
Dynamics 365 Integration WordPress Plugin Twig Server-Side Template Injection Vulnerability Allowing Remote Code Execution
A vulnerability allowing remote code execution and arbitrary file read has been identified in the Dynamics 365 Integration plugin for WordPress, affecting all versions through 1.3.23. The issue arises from Twig server-side template injection, caused by inadequate input validation and sanitization in the render function. This vulnerability enables authenticated attackers with Contributor-level access and above to execute code on the server.
Taskbuilder WordPress Project and Task Management Plugin Stored Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability has been identified in the Taskbuilder WordPress Project & Task Management plugin, affecting all versions through 3.0.6. The vulnerability arises from inadequate input sanitization and output escaping on user-supplied attributes in the wppm_tasks shortcode. This flaw allows authenticated attackers with contributor-level access or higher to inject arbitrary scripts into pages, which are executed when users access the compromised page.
Code-Projects Online Shoe Store SQL Injection Vulnerability
A critical SQL injection vulnerability has been identified in Code-Projects Online Shoe Store version 1.0. The issue arises in the file '/details.php', where the 'id' parameter is processed without proper validation or sanitization, allowing remote attackers to manipulate the input and execute arbitrary SQL commands. This vulnerability could lead to unauthorized access to the application's database or even remote code execution.
WP Smart Import Reflected Cross-Site Scripting Vulnerability
A reflected cross-site scripting vulnerability has been identified in the WP Smart Import: Import any XML File to WordPress plugin, affecting all versions through 1.1.2. The vulnerability arises from inadequate input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts via the 'page' parameter. These injected scripts can be executed if a user is tricked into clicking a link.
Scratch & Win WordPress Plugin Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Scratch & Win WordPress plugin, specifically in versions through 2.7.1. The issue arises from the reset_installation() function, which lacks proper nonce validation. This vulnerability allows unauthenticated attackers to reset the plugin's installation by sending a forged request, provided they can persuade a site administrator to click a link or perform a similar action.
Backup Migration WordPress Plugin PHP Object Injection Vulnerability
A PHP Object Injection vulnerability has been identified in the Backup Migration plugin for WordPress, affecting all versions up to and including 1.4.6. The issue arises from the deserialization of untrusted input in the 'recursive_unserialize_replace' function, allowing unauthenticated attackers to inject a PHP object. Exploitation is possible if an administrator creates a staging site, as the vulnerability requires this condition to be met.
Code-Projects Student Management System SQL Injection Vulnerability
A critical SQL injection vulnerability has been identified in Code-Projects Student Management System version 1.0. The issue resides in the 'showSubject1' function within '/config/DbFunction.php', where the 'sid' parameter is manipulated, allowing for SQL injection. This vulnerability can be exploited remotely, and other parameters may also be affected.
TCS BaNCS File Inclusion Vulnerability in REPORTS_SHOW_FILE.jsp
A file inclusion vulnerability has been identified in TCS BaNCS version 10. The issue arises in the REPORTS_SHOW_FILE.jsp file, where the FilePath argument can be manipulated to include unauthorized files. However, the existence of this vulnerability is currently under scrutiny.
Code-Projects Point of Sales and Inventory Management System SQL Injection Vulnerability
A critical SQL injection vulnerability has been identified in Code-Projects Point of Sales and Inventory Management System version 1.0. The issue resides in the file '/user/update_account.php', where the 'username' parameter is manipulated, allowing for SQL injection. This vulnerability can be exploited remotely, potentially leading to unauthorized access to sensitive information in the server's database.
Code-Projects Point of Sales and Inventory Management System SQL Injection Vulnerability
A critical SQL injection vulnerability has been identified in Code-Projects Point of Sales and Inventory Management System version 1.0. The issue resides in the file '/user/search_num.php', where the 'search' parameter is manipulated to execute arbitrary SQL commands. This vulnerability can be exploited remotely, potentially allowing attackers to access sensitive information from the application's database.
Optimizely EPiServer CMS Password Complexity Vulnerability
A medium-severity vulnerability exists in Optimizely EPiServer.CMS.Core versions prior to 12.32.0, due to inadequate enforcement of password complexity requirements. The application allows users to create passwords with a minimum length of 6 characters, but these passwords lack the necessary complexity to withstand contemporary attack methods such as password spraying or offline cracking.
Optimizely EPiServer CMS File Upload Validation Vulnerability Allowing Malicious File Execution
A medium-severity vulnerability exists in Optimizely EPiServer.CMS.Core versions prior to 12.32.0. The issue arises because the application fails to properly validate uploaded files, allowing potentially harmful file types, such as .docm and .html, to be uploaded. When these files are accessed by application users, they can execute malicious actions or compromise users' systems.
Optimizely EPiServer.CMS.Core Stored Cross-Site Scripting Vulnerability
A high-severity stored cross-site scripting vulnerability has been identified in Optimizely EPiServer.CMS.Core versions prior to 12.22.0. This vulnerability allows malicious actors to inject and execute arbitrary JavaScript code within the CMS. The issue could lead to the compromise of user data, unauthorized privilege escalation, or execution of unauthorized actions. The vulnerability is present in several areas of the CMS, including content editing, link management, and file uploads.
Optimizely Configured Commerce Session Hijacking Vulnerability
A medium-severity session hijacking vulnerability has been identified in Optimizely Configured Commerce versions prior to 5.2.2408. The issue arises when session tokens are transmitted as URL parameters, exposing sensitive information about the authenticated session.
Optimizely Configured Commerce Session Token Vulnerability in B2B Application
A medium-severity vulnerability has been identified in Optimizely Configured Commerce versions prior to 5.2.2408. This issue affects the B2B application and relates to session management in the storefront. The vulnerability allows session tokens from logged-out sessions to remain active and usable, potentially leading to unauthorized access.
Optimizely Configured Commerce Account Creation Vulnerability in B2B Application
A vulnerability exists in Optimizely Configured Commerce versions prior to 5.2.2408, where the B2B application does not require email confirmation for newly created accounts. This issue allows for the mass creation of accounts, potentially impacting database storage and leading to the creation of unsolicited storefront accounts on behalf of visitors.
Optimizely Configured Commerce Business Logic Vulnerability Allowing Purchase of Discontinued Products
A medium-severity business logic vulnerability has been identified in Optimizely Configured Commerce versions prior to 5.2.2408. This issue exists within the Commerce B2B application and allows storefront visitors to purchase discontinued products under certain conditions where requests are modified before reaching the server.
Optimizely Configured Commerce Input Validation Vulnerability in B2B Contact Us Functionality
A medium-severity input validation vulnerability has been identified in Optimizely Configured Commerce versions prior to 5.2.2408. This issue affects the Commerce B2B application, specifically the Contact Us feature, by allowing visitors to send email messages that could include unfiltered HTML markup under certain conditions.
Code-Projects Point of Sales and Inventory Management System SQL Injection Vulnerability
A critical SQL injection vulnerability has been identified in Code-Projects Point of Sales and Inventory Management System version 1.0. The issue resides in an unknown function of the file '/user/minus_cart.php', where the 'id' parameter is manipulated to execute unauthorized SQL commands. This vulnerability can be exploited remotely, potentially allowing attackers to access sensitive information from the server's database.
IBM PowerHA SystemMirror for i Session Cookie Vulnerability
A vulnerability exists in IBM PowerHA SystemMirror for i versions 7.4 and 7.5, where the secure attribute is not applied to authorization tokens or session cookies. This oversight allows attackers to intercept cookie values by sending a non-secure link to a user or embedding it in a site the user visits. The cookies would then be transmitted over the insecure link, enabling the attacker to snoop on the traffic and capture the cookie values.
IBM PowerHA SystemMirror for i Improper Access Vulnerability via iFrame Content Rendering
A vulnerability exists in IBM PowerHA SystemMirror for i versions 7.4 and 7.5, due to improper restrictions when rendering content through iFrames. This issue could enable an attacker to gain unauthorized access and perform actions on the system.
Photo Gallery Slideshow & Masonry Tiled Gallery WordPress Plugin Server-Side Request Forgery Vulnerability
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress, affecting all versions through 1.0.15. The vulnerability arises in the rjg_get_youtube_info_justified_gallery_callback function, allowing authenticated attackers with Subscriber-level access and above to make web requests to arbitrary locations from the web application. This could be exploited to retrieve limited information from internal services.
