VulDB Recent Entries

A vulnerability was found in Icegram Plugin up to 3.1.25 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component During Web Page. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-43344. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in BdThemes Ultimate Store Kit Elementor Addons Plugin up to 1.6.4 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-43342. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Svetoslav Marinov Child Theme Creator Plugin up to 1.5.4 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-43276. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Automattic WooCommerce Plugin up to 9.1.2 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-39666. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in CyberChimps Responsive Blocks Plugin up to 1.8.8 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-43335. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality of the file /admin/system.php of the component Favicon Handler. The manipulation of the argument site_favicon leads to unrestricted upload. This vulnerability is handled as CVE-2024-7917. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in nafisulbari/itsourcecode Insurance Management System 1.0. Affected by this vulnerability is an unknown functionality of the file addNominee.php of the component Add Nominee Page. The manipulation of the argument Nominee-Client ID leads to cross site scripting. This vulnerability is known as CVE-2024-7916. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic has been found in SourceCodester Yoga Class Registration System 1.0. Affected is an unknown function of the file /php-ycrs/classes/SystemSettings.php. The manipulation of the argument address leads to cross site scripting. This vulnerability is traded as CVE-2024-7914. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in itsourcecode Billing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /addclient1.php. The manipulation of the argument lname/fname/mi/address/contact/meterReader leads to sql injection. The identification of this vulnerability is CVE-2024-7913. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in CodeAstro Online Railway Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/assets/. The manipulation leads to exposure of information through directory listing. This vulnerability was named CVE-2024-7912. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. This affects an unknown part of the file /simple-online-bidding-system/bidding/index.php. The manipulation of the argument page leads to file inclusion. This vulnerability is uniquely identified as CVE-2024-7911. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in CodeAstro Online Railway Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/emp-profile-avatar.php of the component Profile Photo Update Handler. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2024-7910. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. This vulnerability is known as CVE-2024-7909. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer overflow. This vulnerability is traded as CVE-2024-7908. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The identification of this vulnerability is CVE-2024-7907. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in DedeBIZ 6.3.0. This vulnerability affects the function get_mime_type of the file /admin/dialog/select_images_post.php of the component Attachment Settings. The manipulation of the argument upload leads to unrestricted upload. This vulnerability was named CVE-2024-7906. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in DedeBIZ 6.3.0. This affects the function AdminUpload of the file admin/archives_do.php. The manipulation of the argument litpic leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2024-7905. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in DedeBIZ 6.3.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/file_manage_control.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to unrestricted upload. This vulnerability is handled as CVE-2024-7904. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in DedeBIZ 6.3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/media_add.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to unrestricted upload. This vulnerability is known as CVE-2024-7903. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in reputeinfosystems ARMember Plugin up to 4.0.37 on WordPress. It has been classified as problematic. Affected is an unknown function of the component SVG File Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-7703. It is possible to launch the attack remotely. There is no exploit available.