Lucene search

2133 matches found

Positive Technologies
added 2024/08/24 12:00 a.m. · 4 views

PT-2024-9332 · Luigi · Luigi

Name of the Vulnerable Software and Affected Versions: luigi versions prior to 3.6.0
Description: The issue is related to improper destination file path validation in the extract packages archive function, which can lead to arbitrary file write via archive extraction, also known as Zip Slip. This...

CVSS 8.6 · AI score 8 · EPSS 0.01074
Exploits 0 · References 18

Zero Day Initiative
added 2024/08/22 12:00 a.m. · 8 views

Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the unzipFile method. The issue results from the lack of proper validation of a user-supplied path...

CVSS 7.2 · AI score 7.4 · EPSS 0.02293
Exploits 0 · References 1

Positive Technologies
added 2024/08/22 12:00 a.m. · 2 views

PT-2024-36588 · Allegra · Allegra

Name of the Vulnerable Software and Affected Versions: Allegra affected versions not specified
Description: This issue allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this issue. The specific flaw exists within the...

CVSS 7.2 · AI score 7.5 · EPSS 0.02293
Exploits 0 · References 5

NVD
added 2024/08/20 4:15 a.m. · 38 views

CVE-2024-7782

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the iconRemove function in versions 2.0 to 2.13.4. This makes it...

CVSS 8.7 · EPSS 0.00915
Exploits 0 · References 2

Cvelist
added 2024/08/20 3:21 a.m. · 32 views

CVE-2024-7777 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) Arbitrary File Read And Deletion

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in multiple functions in versions 2.0 to 2.13.9. This makes i...

CVSS 9 · EPSS 0.01025
Exploits 0 · References 5

CVE
added 2024/08/20 3:21 a.m. · 57 views

CVE-2024-7777

CVE-2024-7777 affects WordPress Bit Form plugin (2.0–2.13.9). Insufficient file-path validation in multiple functions allows authenticated Administrators+ to read and delete arbitrary server files (e.g., wp-config.php), potentially enabling remote code execution. Patch available in version 2.13.1...

CVSS 9 · AI score 9.2 · EPSS 0.01025
Exploits 0 · References 5 · Affected Software 1

CNNVD
added 2024/08/20 12:00 a.m. · 2 views

WordPress plugin Contact Form by Bit Form Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in t...

CVSS 9 · AI score 6.6 · EPSS 0.01025
Exploits 0 · References 6

CNNVD
added 2024/08/20 12:00 a.m. · 3 views

WordPress plugin Contact Form by Bit Form Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in t...

CVSS 8.7 · AI score 6.6 · EPSS 0.00915
Exploits 0 · References 3

Positive Technologies
added 2024/08/19 12:00 a.m. · 7 views

PT-2024-38576 · Bit Form · The Contact Form By Bit Form

Name of the Vulnerable Software and Affected Versions: The Contact Form by Bit Form versions 2.0 through 2.13.4
Description: The issue is related to insufficient file path validation in the iconRemove function, which allows authenticated attackers with Administrator-level access and above to dele...

CVSS 8.7 · AI score 7.4 · EPSS 0.00915
Exploits 0 · References 11

CNNVD
added 2024/08/19 12:00 a.m. · 4 views

ZZCMS Path Traversal Vulnerability

ZZCMS is a content management system (CMS) by the ZZCMS team in China. ZZCMS suffers from an arbitrary file read vulnerability, which is due to a lack of effective validation of file paths and can be exploited by an attacker to perform directory traversal...

CVSS 7.5 · AI score 6.8 · EPSS 0.0142
Exploits 1 · References 5

CNNVD
added 2024/08/16 12:00 a.m. · 4 views

ZZCMS Security Vulnerability

ZZCMS is a content management system (CMS) by the ZZCMS team in China. A directory traversal vulnerability exists in ZZCMS 2023 and previous versions; it stems from insufficient validation and filtering of user-input file paths, which can be exploited by an attacker to delete arbitrary...

CVSS 4.9 · AI score 7 · EPSS 0.00672
Exploits 0 · References 3

OSV
added 2024/08/15 3:15 p.m. · 2 views

CVE-2024-7263

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 exclusive on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough...

CVSS 7.8 · AI score 7.5 · EPSS 0.00387
Exploits 0 · References 1

NVD
added 2024/08/15 3:15 p.m. · 43 views

CVE-2024-7263

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 exclusive on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough...

CVSS 9.3 · EPSS 0.00387
Exploits 0 · References 1

NVD
added 2024/08/15 3:15 p.m. · 56 views

CVE-2024-7262

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 exclusive on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive...

CVSS 9.3 · EPSS 0.01759
Exploits 0 · References 2

CVE
added 2024/08/15 2:29 p.m. · 136 views

CVE-2024-7263

CVE-2024-7263 affects Kingsoft WPS Office on Windows, specifically the promecefpluginhost.exe path validation. Versions 12.2.0.13110 through 12.2.0.17115 (exclusive) are vulnerable to loading an arbitrary Windows library due to improper path validation, with the issue tied to an earlier CVE-2024-...

CVSS 9.3 · AI score 7.7 · EPSS 0.00387
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/08/15 2:29 p.m. · 50 views

CVE-2024-7263 Arbitrary Code Execution in WPS Office

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 exclusive on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough...

CVSS 9.3 · EPSS 0.00387
Exploits 0 · References 1

Vulnrichment
added 2024/08/15 2:24 p.m. · 111 views

CVE-2024-7262 Arbitrary Code Execution in WPS Office

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 exclusive on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive...

CVSS 9.3 · AI score 7.5 · EPSS 0.01759
Exploits 0 · References 1

Cvelist
added 2024/08/15 2:24 p.m. · 459 views

CVE-2024-7262 Arbitrary Code Execution in WPS Office

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 exclusive on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive...

CVSS 9.3 · EPSS 0.01759
Exploits 0 · References 1

CVE
added 2024/08/15 2:24 p.m. · 275 views

CVE-2024-7262

Kingsoft WPS Office for Windows is affected by CVE-2024-7262 due to improper path validation in promecefpluginhost.exe. Versions 12.2.0.13110–12.2.0.16412 (exclusive) are exploitable via a weaponized, single-click embedded spreadsheet document that can load an arbitrary Windows library. Connected...

CVSS 9.3 · AI score 7.5 · EPSS 0.01759
In wild · Exploits 0 · References 2 · Affected Software 1

ATTACKERKB
added 2024/08/15 12:00 a.m. · 24 views

CVE-2024-7262

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 exclusive on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive...

CVSS 9.3 · AI score 6.9 · EPSS 0.01759
In wild · Exploits 0 · References 2