6.3
CVE-2024-7659 - projectsend Password Reset Token functions.php generate_random_string random values
A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generate_random_string of the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to insufficiently random values. It is possible to lau…
6.9
CVE-2024-7658 - projectsend process.php get_preview resource injection
A vulnerability, which was classified as problematic, has been found in projectsend up to r1605. This issue affects the function get_preview of the file process.php. The manipulation leads to improper control of resource identifiers. The attack may be initiated remotely. Upgrading to version r1720 …
5.3
CVE-2024-7657 - Gila CMS HTTP POST Request page cross site scripting
A vulnerability classified as problematic was found in Gila CMS 1.10.9. This vulnerability affects unknown code of the file /cm/update_rows/page?id=2 of the component HTTP POST Request Handler. The manipulation of the argument content leads to cross site scripting. The attack can be initiated remot…
9.2
CVE-2024-21876 - Unauthenticated Path Traversal via URL Parameter in Enphase IQ Gateway version < 8.2.4225
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows an unauthenticated attacker to access or create arbitrary files. This issue affects Envoy: from 4.x to 8.x and < 8.2.4225.
8.7
CVE-2024-21879 - URL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in En…
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability through a URL parameter of an authenticated endpoint in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This issue affects Envoy: from 4.x to 8.x and < 8.2.4225.
9.2
CVE-2024-21877 - Insecure File Generation Based on User Input in Enphase IQ Gateway version 4.x to 8.x and < 8.2.4225
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability through a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows File Manipulation. The endpoint requires authentication. This issue affects Envoy: from 4.x to 8.0 and < 8.2.4225.
9.2
CVE-2024-21878 - Command Injection through Unsafe File Name Evaluation in internal script in Enphase IQ Gateway v4.x…
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is present in an internal script. This issue affects Envoy: from 4.x up to and including 8.x and is curren…
8.6
CVE-2024-21880 - URL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in En…
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the URL parameter of an authenticated endpoint in Enphase IQ Gateway (formerly known as Enphase) allows OS Command Injection. This issue affects Envoy: 4.x <= 7.x
8.6
CVE-2024-21881 - Upload of encrypted packages allows authenticated command execution in Enphase IQ Gateway v4.x and …
Inadequate Encryption Strength vulnerability allows an authenticated attacker to execute arbitrary OS Commands via encrypted package upload. This issue affects Envoy: 4.x and 5.x
5.4
CVE-2024-6134 - WP eStore < 8.5.6 - Reflected XSS in Product Editing
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin