18 matches found
Code execution vulnerability in multiple Mozilla products (CNVD-2025-24651)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A code...
CVE-2022-24651
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload...
CVE-2025-24651
Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration wp-migration-duplicator allows Retrieve Embedded Sensitive Data. This issue affects WordPress Backup & Migration: from n/a through <= 1.5.3...
CVE-2025-24651
Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration wp-migration-duplicator allows Retrieve Embedded Sensitive Data. This issue affects WordPress Backup & Migration: from n/a through <= 1.5.3...
CVE-2025-24651 WordPress WebToffee WP Backup and Migration plugin <= 1.5.3 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration wp-migration-duplicator allows Retrieve Embedded Sensitive Data. This issue affects WordPress Backup & Migration: from n/a through <= 1.5.3...
CVE-2023-24651
| creationtimestamp | type | source |
|---|---|---|
| 2025-03-10 17:38:12+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/7017 |
| 2025-03-10 19:39:13+00:00 | seen | Telegram/4KA2-1aGZRBGaAyOclK9yck6xuKeA0Acn8k87fHXsLtpkEHo... |
CVE-2023-24651
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter on the registration page...
CVE-2023-24651
CVE-2023-24651 affects Simple Customer Relationship Management System v1.0. The registration page exposes a SQL injection in the name parameter, arising from improper handling of user input. Documented impact per CVSSv3.1 shows Network access with Low Confidentiality/Integrity impact and no Avail...
CVE-2022-24651
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload...
CVE-2022-24651
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload...
CVE-2022-24651
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload...
CVE-2022-24651
CVE-2022-24651 affects SentCMS 4.0.x. The vulnerability allows remote attackers to upload arbitrary files via an unauthorized upload interface at /user/upload/upload, enabling PHP code execution. Multiple sources corroborate that the issue stems from lack of validation of uploaded files. No patch...
CVE-2021-24651
| creationtimestamp | type | source |
|---|---|---|
| 2021-10-11 14:24:31+00:00 | seen | https://t.me/cibsecurity/30316... |
CVE-2021-24651 Poll Maker < 3.4.2 - Unauthenticated Time Based SQL Injection
The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as password hash...
CVE-2021-24651
CVE-2021-24651 affects the WordPress Poll Maker plugin prior to 3.4.2. The vulnerability is an unauthenticated, time-based SQL injection via the ays_finish_poll AJAX action. The impact described in connected sources includes the ability to exfiltrate data such as password hashes through timing-ba...
CVE-2020-24651
| creationtimestamp | type | source |
|---|---|---|
| 2020-10-19 22:52:30+00:00 | seen | https://t.me/cibsecurity/15392... |
CVE-2020-24651
HPE Intelligent Management Center (iMC) before PLAT 7.3 (E0705P07) is affected by CVE-2020-24651. The issue is a syslogTempletSelectWin expression language injection in the SyslogTempletSelectWin.xhtml endpoint, enabling remote code execution with SYSTEM privileges. Exploitation details indicate ...
CVE-2020-24651
A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...