CVE-2022-24652

sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in php code execution in /admin/upload/upload...

CVE-2020-24652

A addvsiinterfaceinfo expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVE-2025-24652

Missing Authorization vulnerability in revmakx WP Duplicate local-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Duplicate: from n/a through = 1.1.6...

CVE-2025-24652

CVE-2025-24652: Missing Authorization in Revmakx WP Duplicate – WordPress Migration Plugin (local-sync) affects versions up to 1.1.6. Root cause is broken access control allowing unauthorized actor to exploit configuration/security level handling. CVSS 3.1 base score 5.4 (Medium) with network att...

CVE-2025-24652 WordPress WP Duplicate plugin <= 1.1.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in revmakx WP Duplicate local-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Duplicate: from n/a through = 1.1.6...

CVE-2023-24652

creationtimestamp| type| source ---|---|--- 2023-02-27 18:27:58+00:00| seen| https://t.me/cibsecurity/58953 2025-03-10 17:38:11+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/7016...

CVE-2023-24652

CVE-2023-24652 affects Simple Customer Relationship Management System v1.0. The issue is a SQL injection vulnerability in the Description parameter of the Create ticket function, potentially allowing unauthorized data access/modification. According to the cited metrics, impact is High (C, I, A = ...

CVE-2022-24652

CVE-2022-24652 affects SentCMS 4.0.x. The vulnerability stems from a lack of validation of uploaded files in the unauthorized file upload interface at /admin/upload/upload, enabling remote attackers to upload arbitrary files and achieve PHP code execution. The NVD reports a high-severity impact (...

CVE-2021-24652

CVE-2021-24652 (PostX – Gutenberg Blocks for Post Grid) affects the WordPress plugin PostX – Gutenberg Blocks for Post Grid, prior to version 2.4.10. The vulnerability arises from missing/incorrect access controls in certain AJAX requests, allowing any logged-in user to modify, delete, or add val...

CVE-2020-24652

A addvsiinterfaceinfo expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVE-2020-24652

A addvsiinterfaceinfo expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVE-2020-24652

The CVE-2020-24652 entry concerns a remote code execution via addVsiInterfaceInfo Expression Language Injection in Hewlett Packard Enterprise Intelligent Management Center (iMC) prior to PLAT 7.3 (E0705P07). The vulnerability affects iMC components handling addVsiInterfaceInfo.xhtml and is driven...