346 matches found
CVE-2024-9788 LyLme_spage tag.php sql injection
A vulnerability has been found in LyLmespage 1.9.5 and classified as critical. This vulnerability affects unknown code of the file /admin/tag.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may...
CVE-2024-8864
CVE-2024-8864 affects ComposioHQ Composio up to 0.5.6. The vulnerability targets the Calculator function in python/composio/tools/local/mathematical/actions/calculator.py, where input manipulation enables code injection and arbitrary code execution. The public exploit is disclosed; vendor respons...
CVE-2024-8862
A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument query leads to deserialization. The attack may be...
CVE-2024-8655 Mercury MNVR816 web-static file access
A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to...
CVE-2024-8579
A vulnerability classified as critical has been found in TOTOLINK AC1200 T8 4.1.5cu.861B20230220. This affects the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. It is possible to initiate the attack remotely. The...
CVE-2024-8575 TOTOLINK AC1200 T8 cstecgi.cgi setWiFiScheduleCfg buffer overflow
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861B20230220 and classified as critical. This issue affects the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack may be initiated remotely. The exploit h...
CVE-2024-8574
A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.861B20230220 and classified as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument slaveIpList leads to os command injection. The attack can be initiated...
CVE-2024-8568 Mini-Tmall 1 rewardMapper.select sql injection
A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to sql injection. It is possible to launch the attack remotely. The exploit has...
CVE-2024-8523 lmxcms SQL Command Execution Module admin.php formatData code injection
A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may ...
CVE-2024-8523
CVE-2024-8523 affects lmxcms up to version 1.4. The vulnerable component is the function formatData in the file /admin.php?m=Acquisi&a=testcj&lid=1 of the SQL Command Execution Module . Manipulation of the argument data leads to code injection. The issue can be exploited remotely, and the exploit...
CVE-2024-8296
A vulnerability was found in FeehiCMS up to 2.1.1 and classified as critical. This issue affects the function insert of the file /admin/index.php?r=user%2Fcreate. The manipulation of the argument Useravatar leads to unrestricted upload. The attack may be initiated remotely. The exploit has been...
GHSA-XXQW-83C7-R24R FeehiCMS file upload vulnerability
A vulnerability, which was classified as critical, was found in FeehiCMS up to 2.1.1. This affects the function update of the file /admin/index.php?r=friendly-link%2Fupdate. The manipulation of the argument FriendlyLinkimage leads to unrestricted upload. It is possible to initiate the attack...
CVE-2024-5987
The WP Accessibility Helper WAH plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savecontrastvariations' and 'saveemptycontrastvariations' functions in all versions up to, and including, 0.6.2.8. This makes it possible for...
CVE-2024-8226
A vulnerability has been found in Tenda O1 1.0.0.710648 and classified as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be launched remotely. The explo...
CVE-2024-8225
A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0.20. Affected is the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument sysTimePolicy leads to stack-based buffer overflow. It is possible to launch the attack remotely. The...
CVE-2024-8225
The CVE-2024-8225 vulnerability affects Tenda G3 devices (version 15.11.0.20) in the formSetSysTime function (/goform/SetSysTimeCfg). The root cause is manipulation of the sysTimePolicy argument, causing a stack-based buffer overflow. This can be exploited remotely, and public exploits have been ...
CVE-2024-8208
A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file editClient.php. The manipulation of the argument AGENT ID leads to cross site scripting. The attack can ...
CVE-2024-8208 nafisulbari/itsourcecode Insurance Management System editClient.php cross site scripting
A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file editClient.php. The manipulation of the argument AGENT ID leads to cross site scripting. The attack can ...
CVE-2024-8078 TOTOLINK AC1200 T8 setTracerouteCfg buffer overflow
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862B20230228. It has been declared as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to buffer overflow. The attack can be initiated remotely. NOTE: The vendor was contacted early about this...
CVE-2024-8077 TOTOLINK AC1200 T8 setTracerouteCfg os command injection
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862B20230228. It has been classified as critical. This affects the function setTracerouteCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. NOTE: The vendor was contacted early about this...