7.2
CVE-2023-53885 - Webutler v3.2 Remote Code Execution via Arbitrary File Upload
Webutler v3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload PHP files with system command execution. Attackers can upload a PHAR file with embedded system commands to the media browser and execute arbitrary commands by accessing the uploaded file.
5.1
CVE-2023-53884 - Webedition CMS v2.9.8.8 Stored Cross-Site Scripting via SVG Upload
Webedition CMS v2.9.8.8 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the media upload feature to inject and execute arbitrary scripts when the file is vieweβ¦
7.2
CVE-2023-53883 - Webedition CMS v2.9.8.8 Remote Code Execution via PHP Page Creation
Webedition CMS v2.9.8.8 contains a remote code execution vulnerability that allows authenticated attackers to inject system commands through PHP page creation. Attackers can create a new PHP page with malicious system commands in the description field to execute arbitrary commands on the server.
5.1
CVE-2023-53882 - JLex GuestBook 1.6.4 Reflected Cross-Site Scripting via URL Parameter
JLex GuestBook 1.6.4 contains a reflected cross-site scripting vulnerability in the 'q' URL parameter that allows attackers to inject malicious scripts. Attackers can craft malicious links with XSS payloads to steal session tokens or execute arbitrary JavaScript in victims' browsers.
9.2
CVE-2023-53881 - ReyeeOS 1.204.1614 Man-in-the-Middle Remote Code Execution via CWMP
ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can create a fake CWMP server to inject and execute arbitrary commands on Ruijie Reyee Cloud devices by exβ¦
4.8
CVE-2023-53880 - Lucee 5.4.2.17 Authenticated Reflected Cross-Site Scripting via Admin Interfaces
Lucee 5.4.2.17 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through administrative interface parameters. Attackers can craft specific payloads targeting admin pages like server.cfm and web.cfm to execute arbitrary JavaScriptβ¦
7.3
CVE-2023-53878 - Member Login Script 3.3 Client-Side Request Desynchronization Vulnerability
Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows attackers to manipulate HTTP request handling by exploiting Content-Length header parsing. Attackers can send crafted POST requests with smuggled secondary requests to potentially bypass server-side request pβ¦
9.3
CVE-2023-53877 - Bus Reservation System 1.1 Multiple SQL Injection via pickup_id Parameter
Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickup_id parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to steal information from the database.
5.1
CVE-2023-53876 - Academy LMS 6.1 Arbitrary File Upload Vulnerability via Profile Settings
Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and embedding executable JavaScβ¦
7.5
CVE-2023-53875 - GOM Player 2.3.90.5360 Remote Code Execution via Insecure IE Component
GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server inβ¦