CVE-2024-3274

UNSUPPORTED WHEN ASSIGNED A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler. The manipulation...

CVE-2024-3273

Affected products: D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L NAS devices (firmware up to 2024-04-03). Vulnerability: Command injection in the HTTP GET Request Handler, exploiting the "/cgi-bin/nas_sharing.cgi" component via manipulation of system arguments. Impact: Remote code execution al...

CVE-2024-3273

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nassharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument...

VulnCheck KEV: CVE-2024-1021

A vulnerability, which was classified as critical, has been found in Rebuild up to 3.5.5. Affected by this issue is the function readRawText of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The...

CVE-2024-2910

A vulnerability, which was classified as critical, has been found in Ruijie RG-EG350 up to 20240318. Affected by this issue is the function vpnAction of the file /itboxpi/vpnquicksetservice.php?a=setvpn of the component HTTP POST Request Handler. The manipulation of the argument...

CVE-2024-2909

A vulnerability classified as critical was found in Ruijie RG-EG350 up to 20240318. Affected by this vulnerability is the function setAction of the file /itboxpi/networksafe.php?a=set of the component HTTP POST Request Handler. The manipulation of the argument bandwidth leads to os command...

CVE-2024-2910

CVE-2024-2910 affects Ruijie RG-EG350 (pre-20240318) in the VPN quick set service. The vulnerable component is the HTTP POST handler function vpnAction in the file /itbox_pi/vpn_quickset_service.php?a=set_vpn. By manipulating arguments ip, port, user, pass, dns, or startIp, an attacker can trigge...

CVE-2024-2909

CVE-2024-2909 affects Ruijie RG-EG350 up to 20240318. The vulnerability resides in the HTTP POST Request Handler function setAction (file /itbox_pi/networksafe.php?a=set) where manipulation of the bandwidth argument enables OS command injection. It can be exploited remotely; multiple sources conf...

GHSA-99WG-VMVQ-2CP5 RaspAP Vulnerable to Code Injection via an Unknown Process in File `includes/provider.php`

A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiate...

CVE-2024-2497

A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiate...

CVE-2024-2497 RaspAP raspap-webgui HTTP POST Request provider.php code injection

A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiate...

CVE-2024-2497

RaspAP raspap-webgui 3.0.9 contains a code injection vulnerability in includes/provider.php via the HTTP POST parameter country, enabling remote code execution. Exploitation is possible over the network and public disclosures exist. A remediation is available: upgrade to billz/raspap-webgui 3.1.0...

CVE-2024-2482

A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /checkavailability.php of the component HTTP POST Request Handler. The manipulation of the argument oldpassword lea...

CVE-2024-2482

CVE-2024-2482 affects Surya2Developer Hostel Management Service 1.0, via the HTTP POST Request Handler in the file /check_availability.php. The vulnerability arises from manipulation of the argument named oldpassword, causing an observable response discrepancy. Impact details in the provided sour...

PT-2024-20680 · Raspap · Raspap

Name of the Vulnerable Software and Affected Versions: RaspAP raspap-webgui version 3.0.9 Description: A critical issue affects the processing of the file includes/provider.php in the HTTP POST Request Handler component. The manipulation of the country argument leads to code injection. This issue...

PT-2024-20586 · Unknown · Surya2Developer Hostel Management Service

Name of the Vulnerable Software and Affected Versions: Surya2Developer Hostel Management Service version 1.0 Description: A vulnerability has been found in the HTTP POST Request Handler component, specifically in the file /check availability.php. The manipulation of the oldpassword argument leads...

PT-2024-21753 · Google · Android

Name of the Vulnerable Software and Affected Versions: TBD affected versions not specified Description: The issue is related to a possible out of bounds memory access in the lpm req handler due to a missing bounds check. This could lead to local escalation of privilege with no additional executio...

Sql injection

A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/maintenance/managecategory.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql...

PT-2024-19807 · Unknown · Sourcecodester Online Mobile Management Store

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Mobile Management Store version 1.0 Description: A critical issue affects the processing of the file /admin/maintenance/manage category.php in the HTTP GET Request Handler component. The manipulation of the id argument...

CVE-2024-2272

A vulnerability classified as critical was found in keerti1924 Online-Book-Store-Website 1.0. This vulnerability affects unknown code of the file /home.php of the component HTTP POST Request Handler. The manipulation of the argument productname leads to sql injection. The attack can be initiated...