CVE-2023-45824

OroPlatform is a PHP Business Application Platform BAP. A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4...

CVE-2024-45824

creationtimestamp| type| source ---|---|--- 2024-09-12 16:52:29+00:00| seen| https://t.me/cvedetector/5482 2024-09-15 19:47:00+00:00| seen| https://t.me/icscert/913...

CVE-2024-45824 FactoryTalk® View Site Edition Remote Code Execution Vulnerability via Lack of Input Validation

CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. The link in the mitigations section below contains...

CVE-2024-45824 FactoryTalk® View Site Edition Remote Code Execution Vulnerability via Lack of Input Validation

CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. The link in the mitigations section below contains...

CVE-2023-45824

The CVE-2023-45824 issue affects OroPlatform (PHP BAP). A logged-in user can access page state data of pinned pages belonging to other users by using a pageId hash. Publicly documented details indicate this affects OroPlatform versions across multiple lines: 4.2.0–4.2.10, 5.0.0–5.0.12, and 5.1.0–...

CVE-2023-45824 OroPlatform's pinned entity creation form shows pages of other users

OroPlatform is a PHP Business Application Platform BAP. A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4...

CVE-2023-45824 OroPlatform's pinned entity creation form shows pages of other users

OroPlatform is a PHP Business Application Platform BAP. A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4...

CVE-2022-45824

Cross-Site Request Forgery CSRF vulnerability in Advanced Booking Calendar plugin = 1.7.1 on WordPress...

CVE-2022-45824

CVE-2022-45824 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Advanced Booking Calendar, version 1.7.1 and earlier. Multiple sources confirm missing CSRF checks in certain areas, enabling an attacker to trick an authenticated user into performing unintended ac...

CVE-2022-45824 WordPress Advanced Booking Calendar Plugin <= 1.7.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Advanced Booking Calendar plugin = 1.7.1 on WordPress...