3096 matches found
WordPress plugin Clone security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-11617 · Unknown · Flipkart-Clone-Php
Name of the Vulnerable Software and Affected Versions: Flipkart-Clone-PHP version 1.0 Description: The issue allows attackers to execute arbitrary code through a SQL Injection vulnerability in the product title parameter in the entry.php file. Recommendations: For Flipkart-Clone-PHP version 1.0,...
CVE-2022-38947
SQL Injection vulnerability in Flipkart-Clone-PHP version 1.0 in entry.php in product_title parameter, allows attackers to execute arbitrary code...
PT-2024-12062 · Unknown · Migrate Clone
Name of the Vulnerable Software and Affected Versions: Migrate Clone versions prior to 2.3.8 Description: The issue is related to a Missing Authorization vulnerability in Migrate Clone, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions...
CVE-2022-38947
CVE-2022-38947 is a SQL Injection vulnerability in Flipkart-Clone-PHP version 1.0, specifically in entry.php via the product_title parameter, leading to arbitrary code execution. Root cause: unsafe handling of user input in the product_title field allows injection. Impact is described as high/cri...
CVE-2024-53858 Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in the gh cli
The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several gh commands...
Exploit for Uncontrolled Search Path Element in Needrestart_Project Needrestart
CVE-2024-48990 Exploit My full writeup for how I came to re-...
CVE-2024-10913
The Clone plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.6 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain i...
CVE-2024-10913 Clone <= 2.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialized_replace'
The Clone plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.6 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain i...
WordPress Clone plugin <= 2.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialized_replace' vulnerability
Unauthenticated PHP Object Injection via 'recursive_unserialized_replace' vulnerability discovered by Webbernaut in WordPress Plugin Clone versions <= 2.4.6...
WordPress plugin Clone code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
WordPress Clone Plugin <= 2.4.6 is vulnerable to PHP Object Injection
Software: Clone · Type: Plugin · Vulnerable versions: <= 2.4.6 · Fixed in: 2.4.7 · OWASP Top 10: A1: Injection · Classification: PHP Object Injection · CVE: CVE-2024-10913 · Patch priority: High · CVSS severity: High 8.8 · PSID: 3676e7fb18ec · Credits: Webbernaut · Required privilege: Unauthenticated...
PT-2024-16638 · WordPress · Clone
Name of the Vulnerable Software and Affected Versions: The Clone plugin for WordPress versions up to, and including, 2.4.6 Description: The issue allows unauthenticated attackers to inject a PHP Object via deserialization of untrusted input in the recursive unserialized replace function. If a POP...
MAL-2024-12190 Malicious code in ansishade (PyPI)
Source: kam193 c34f34cc1bdc60a4851d462f058187107a8c200d06ce08295d773f351fa1749a Importing the module starts the banner function, which downloads and runs an obfuscated remote script. The package seems to be a clone of one of existing simila...
kernel: x86/mm: Fix pti_clone_pgtable() alignment assumption
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix pti_clone_pgtable() alignment assumption Guenter reported dodgy crashes on an i386-nosmp build using GCC-11 that had the form of endless traps until entry stack exhaust and then DF from the stack guard. It turned out that...
SUSE CVE-2024-51990
jj, or Jujutsu, is a Git-compatible VCS written in rust. In affected versions specially crafted Git repositories can cause jj to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable to upgrade should avoid cloning repos from...
CVE-2024-51990
jj, or Jujutsu, is a Git-compatible VCS written in rust. In affected versions specially crafted Git repositories can cause jj to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable to upgrade should avoid cloning repos from...
CVE-2024-51990 Path traversal via crafted Git repositories in jj
jj, or Jujutsu, is a Git-compatible VCS written in rust. In affected versions specially crafted Git repositories can cause jj to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable to upgrade should avoid cloning repos from...
PT-2024-35081 · Jj · Jj
Name of the Vulnerable Software and Affected Versions: jj versions prior to 0.23.0 Description: Specially crafted Git repositories can cause jj to write files outside the clone. This issue can be achieved by having file objects which contain path traversals. To exploit this, an attacker would nee...
CVE-2024-43297
Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clone: from n/a through 2.4.5...