11232 matches found

Vulnrichment
added 2024/03/25 6:57 p.m. | 12 views

CVE-2024-28850 WP Crontrol possible RCE when combined with a pre-condition

WP Crontrol controls the cron events on WordPress websites. WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability...

CVSS 8.1 | AI score 7.2 | EPSS 0.00165
Exploits 0 | References 2
Cvelist
added 2024/03/25 6:57 p.m. | 35 views

CVE-2024-28850 WP Crontrol possible RCE when combined with a pre-condition

WP Crontrol controls the cron events on WordPress websites. WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability...

CVSS 8.1 | AI score 8.5 | EPSS 0.00165
Exploits 0 | References 2
OSV
added 2024/03/25 6:57 p.m. | 6 views

CVE-2024-28850 WP Crontrol possible RCE when combined with a pre-condition

WP Crontrol controls the cron events on WordPress websites. WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability...

CVSS 8.1 | AI score 7.9 | EPSS 0.00165
Exploits 0 | References 4
CVE
added 2024/03/25 6:47 p.m. | 65 views

CVE-2024-28107

The CVE-2024-28107 entry concerns phpMyFAQ, a PHP-based FAQ app. The vulnerability is a SQL injection in the insertentry and saveentry paths, caused by improper escaping of the email address. It affects authenticated users with add/edit rights, enabling data exfiltration, potential account takeov...

CVSS 8.8 | AI score 8.9 | EPSS 0.00968
Exploits 1 | References 2 | Affected Software 1
Vulnrichment
added 2024/03/25 6:47 p.m. | 22 views

CVE-2024-28107 phpMyFAQ SQL injections at insertentry & saveentry

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the insertentry & saveentry when modifying records due to improper escaping of the email address. This allows any authenticated user with the...

CVSS 8.8 | AI score 7.5 | EPSS 0.00968
Exploits 1 | References 2
Cvelist
added 2024/03/25 6:47 p.m. | 28 views

CVE-2024-28107 phpMyFAQ SQL injections at insertentry & saveentry

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the insertentry & saveentry when modifying records due to improper escaping of the email address. This allows any authenticated user with the...

CVSS 8.8 | AI score 9.1 | EPSS 0.00968
Exploits 1 | References 2
OSV
added 2024/03/25 6:47 p.m. | 21 views

CVE-2024-28107 phpMyFAQ SQL injections at insertentry & saveentry

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the insertentry & saveentry when modifying records due to improper escaping of the email address. This allows any authenticated user with the...

CVSS 8.8 | AI score 6.4 | EPSS 0.00968
Exploits 1 | References 4
Vulnrichment
added 2024/03/25 6:35 p.m. | 13 views

CVE-2024-28105 phpMyFAQ's File Upload Bypass at Category Image Leads to RCE

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension,...

CVSS 7.2 | AI score 7.7 | EPSS 0.01476
Exploits 1 | References 2
OSV
added 2024/03/25 6:35 p.m. | 33 views

CVE-2024-28105 phpMyFAQ's File Upload Bypass at Category Image Leads to RCE

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension,...

CVSS 7.2 | AI score 6.1 | EPSS 0.01476
Exploits 1 | References 4
CVE
added 2024/03/25 6:26 p.m. | 72 views

CVE-2024-27299

phpMyFAQ 3.2.5 contains a SQL injection in the Add News feature through the authorEmail field (FILTER_VALIDATE_EMAIL) not being properly escaped. Exploitation requires an authenticated user with news-edit rights and can lead to data exfiltration, account takeover, and potentially remote code exec...

CVSS 8.8 | AI score 8.8 | EPSS 0.01151
Exploits 1 | References 3 | Affected Software 1
Vulnrichment
added 2024/03/25 6:26 p.m. | 23 views

CVE-2024-27299 phpMyFAQ SQL Injection at "Save News"

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edi...

CVSS 8.8 | AI score 7.5 | EPSS 0.01151
Exploits 1 | References 3
Cvelist
added 2024/03/25 6:26 p.m. | 43 views

CVE-2024-27299 phpMyFAQ SQL Injection at "Save News"

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edi...

CVSS 8.8 | AI score 9.1 | EPSS 0.01151
Exploits 1 | References 3
OSV
added 2024/03/25 6:26 p.m. | 34 views

CVE-2024-27299 phpMyFAQ SQL Injection at "Save News"

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edi...

CVSS 8.8 | AI score 6.4 | EPSS 0.01151
Exploits 1 | References 5
Cvelist
added 2024/03/25 7:13 a.m. | 19 views

CVE-2024-24892 Unauthorized RCE in migration-tools

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection, Restful Privilege Elevation. This vulnerability is associated with program files...

CVSS 8.1 | AI score 8.4 | EPSS 0.00916
Exploits 0 | References 2
Vulnrichment
added 2024/03/25 7:13 a.m. | 16 views

CVE-2024-24892 Unauthorized RCE in migration-tools

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection, Restful Privilege Elevation. This vulnerability is associated with program files...

CVSS 8.1 | AI score 7.1 | EPSS 0.00916
Exploits 0 | References 2
GithubExploit
added 2024/03/24 1:14 p.m. | 759 views

Exploit for Code Injection in Getgrav Grav

Graver. Description: Proof of Concept script to e...

CVSS 8.8 | AI score 8.6 | EPSS 0.0576
Exploits 4
Tenable Nessus
added 2024/03/23 12:00 a.m. | 27 views

SUSE SLES15 / openSUSE 15 Security Update : python-uamqp (SUSE-SU-2024:0947-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0947-1 advisory. - The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect AMQPVALUE failed...

CVSS 9.8 | AI score 7.5 | EPSS 0.0143
Exploits 0 | References 5
CVE
added 2024/03/22 4:43 p.m. | 72 views

CVE-2024-28861

CVE-2024-28861 affects Symfony 1.x (1.1.0 to 1.5.18) due to a dangerous deserialization gadget chain in sfNamespacedParameterHolder, enabling remote code execution when an application deserializes user input. The issue arises from how sfOutputEscaperArrayDecorator interacts during deserialization...

CVSS 9.8 | AI score 9.9 | EPSS 0.01534
Exploits 1 | References 2 | Affected Software 1
Rapid7 Blog
added 2024/03/22 4:36 p.m. | 29 views

Metasploit Weekly Wrap-Up 03/22/2024

New module content (1): OpenNMS Horizon Authenticated RCE. Author: Erik Wynter; Type: Exploit; Pull request: 18618, contributed by ErikWynter; Path: linux/http/opennmshorizonauthenticatedrce; AttackerKB reference: CVE-2023-0872. Description: This module exploits built-in functionality in OpenNMS Horizon in...

CVSS 5.2 | AI score 8.3 | EPSS 0.02951
Exploits 3
Veracode
added 2024/03/22 7:07 a.m. | 23 views

SpEL Injection

OpenMetadata is vulnerable to SpEL Injection. This vulnerability is due to insufficient input validation within the EventSubscriptionRepository.prepare method, which allows an attacker to inject a specially crafted SpEL statement to the api/v1/events/subscriptions endpoint, which can result in...

CVSS 8.8 | AI score 7.4 | EPSS 0.02372
Exploits 1 | References 6 | Affected Software 1