8.7

CVSS4.0

CVE-2024-58312 - xbtitFM 4.1.18 Unauthenticated Path Traversal in nfogen.php

xbtitFM 4.1.18 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like using encoded path traversal characters in HTTP reque…

📅 Published: Dec. 11, 2025, 9:42 p.m. 🔄 Last Modified: April 7, 2026, 2:08 p.m.

8.7

CVSS4.0

CVE-2024-58310 - APC Network Management Card 4 Path Traversal via Directory Traversal

APC Network Management Card 4 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like /etc/passwd by using encoded path trav…

📅 Published: Dec. 11, 2025, 9:42 p.m. 🔄 Last Modified: March 5, 2026, 12:03 p.m.

8.7

CVSS4.0

CVE-2024-58309 - xbtitFM 4.1.18 Unauthenticated SQL Injection in shoutedit.php

xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attackers can send crafted requests to /shoutedit.php with EXTRACTVALUE functions to extract database names…

📅 Published: Dec. 11, 2025, 9:42 p.m. 🔄 Last Modified: April 7, 2026, 2:08 p.m.

9.3

CVSS4.0

CVE-2024-58308 - Quick.CMS 6.7 SQL Injection Authentication Bypass via Admin Login

Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating the login form. Attackers can inject specific SQL payloads like ' or '1'='1 to gain unauthorized administrative access to the system.

📅 Published: Dec. 11, 2025, 9:42 p.m. 🔄 Last Modified: April 7, 2026, 2:08 p.m.

9.3

CVSS4.0

CVE-2024-58307 - CSZCMS 1.3.0 Authenticated SQL Injection via Members View Endpoint

CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks a…

📅 Published: Dec. 11, 2025, 9:41 p.m. 🔄 Last Modified: April 7, 2026, 2:08 p.m.

8.7

CVSS4.0

CVE-2024-58306 - minaliC 2.0.0 Denial of Service Vulnerability via Large GET Request

minaliC 2.0.0 contains a denial of service vulnerability that allows remote attackers to crash the web server by sending oversized GET requests. Attackers can send crafted HTTP requests with excessive data to overwhelm the server and cause service interruption.

📅 Published: Dec. 11, 2025, 9:41 p.m. 🔄 Last Modified: April 7, 2026, 2:08 p.m.

5.3

CVSS4.0

CVE-2024-58304 - SPA-CART CMS 1.9.0.3 Stored Cross-Site Scripting

SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit JavaScript payloads through the 'descr' parameter in the product edit form to execute arbitrary c…

📅 Published: Dec. 11, 2025, 9:40 p.m. 🔄 Last Modified: April 7, 2026, 2:08 p.m.

8.6

CVSS4.0

CVE-2024-58303 - FoF Pretty Mail 1.1.2 Server Side Template Injection via Email Template Settings

FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generation.

📅 Published: Dec. 11, 2025, 9:40 p.m. 🔄 Last Modified: April 7, 2026, 2:08 p.m.

6.9

CVSS4.0

CVE-2024-58302 - FoF Pretty Mail 1.1.2 Local File Inclusion via Email Template Settings

FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings by inserting file inclusion payloads to read sensitive system files like /etc/passwd during email ge…

📅 Published: Dec. 11, 2025, 9:40 p.m. 🔄 Last Modified: April 7, 2026, 2:08 p.m.

9.3

CVSS4.0

CVE-2024-58301 - Purei CMS 1.0 SQL Injection via Multiple Vulnerable Endpoints

Purei CMS 1.0 contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through unfiltered user input parameters. Attackers can exploit vulnerable endpoints like getAllParks.php and events-ajax.php by injecting crafted SQL payloads to potentially e…

📅 Published: Dec. 11, 2025, 9:39 p.m. 🔄 Last Modified: April 7, 2026, 2:08 p.m.
Total results: 343180