Latest vulnerabilities of Saturday, September 16, 2023

Latest vulnerabilities of Saturday, September 16, 2023
https://www.securitricks.com/content/images/size/w600/format/webp/2023/12/VULNERABILITIES-REPORTS-LOGO.png
{{titre}}

Last update performed on 09/16/2023 at 11:58:27 PM

(1) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : wordfence.com

Vulnerability ID : CVE-2023-4994

First published on : 16-09-2023 02:15:07
Last modified on : 16-09-2023 02:15:07

Description :
The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.0.4 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server.

CVE ID : CVE-2023-4994
Source : security@wordfence.com
CVSS Score : 9.9

References :
https://plugins.trac.wordpress.org/browser/allow-php-in-posts-and-pages/trunk/allowphp.php#L373 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/3d8b4bb6-3715-40c1-8140-7fcf874ccec3?source=cve | source : security@wordfence.com

Vulnerability : CWE-94


(1) HIGH VULNERABILITIES [7.0, 8.9]

Source : wordfence.com

Vulnerability ID : CVE-2023-3025

First published on : 16-09-2023 09:15:07
Last modified on : 16-09-2023 09:15:07

Description :
The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the 'link' parameter. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

CVE ID : CVE-2023-3025
Source : security@wordfence.com
CVSS Score : 7.2

References :
https://plugins.trac.wordpress.org/browser/dropbox-folder-share/trunk/HynoTech/DropboxFolderShare/Principal.php#L118 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d62bd2bd-db01-479f-89e4-8031d69a912f?source=cve | source : security@wordfence.com

Vulnerability : CWE-918


(2) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : wordfence.com

Vulnerability ID : CVE-2023-5001

First published on : 16-09-2023 05:15:45
Last modified on : 16-09-2023 05:15:45

Description :
The Horizontal scrolling announcement for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'horizontal-scrolling' shortcode in versions up to, and including, 9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5001
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/horizontal-scrolling-announcement/trunk/horizontal-scrolling-announcement.php#L389 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d4f60e8c-2745-4930-9101-914bd73c6e1c?source=cve | source : security@wordfence.com

Vulnerability : CWE-79


Source : vuldb.com

Vulnerability ID : CVE-2023-5012

First published on : 16-09-2023 21:15:47
Last modified on : 16-09-2023 21:15:47

Description :
A vulnerability, which was classified as problematic, was found in Topaz OFD 2.11.0.201. This affects an unknown part of the file C:\Program Files\Topaz OFD\Warsaw\core.exe of the component Protection Module Warsaw. The manipulation leads to unquoted search path. Attacking locally is a requirement. The identifier VDB-239853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2023-5012
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://vuldb.com/?ctiid.239853 | source : cna@vuldb.com
https://vuldb.com/?id.239853 | source : cna@vuldb.com

Vulnerability : CWE-428


(0) LOW VULNERABILITIES [0.1, 3.9]

(6) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-36160

First published on : 16-09-2023 00:15:07
Last modified on : 16-09-2023 00:15:07

Description :
An issue was discovered in Qubo Smart Plug10A version HSP02_01_01_14_SYSTEM-10 A, allows local attackers to gain sensitive information and other unspecified impact via UART console.

CVE ID : CVE-2023-36160
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Yashodhanvivek/Qubo_smart_switch_security_assessment/blob/main/Qubo_Smart_Plug_10A_Security_Assessment.pdf | source : cve@mitre.org


Vulnerability ID : CVE-2023-41436

First published on : 16-09-2023 00:15:08
Last modified on : 16-09-2023 00:15:08

Description :
Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local attacker to execute arbitrary code via a crafted script to the Additional Meta Tag parameter in the Pages Content Menu component.

CVE ID : CVE-2023-41436
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/sromanhu/CSZ-CMS-Stored-XSS---Pages-Content/blob/main/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-39612

First published on : 16-09-2023 01:15:07
Last modified on : 16-09-2023 01:15:07

Description :
A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated attacker to escalate privileges to Administrator via user interaction with a crafted HTML file or URL.

CVE ID : CVE-2023-39612
Source : cve@mitre.org
CVSS Score : /

References :
https://febin0x4e4a.wordpress.com/2023/09/15/xss-in-filebrowser-leads-to-admin-account-takeover-in-filebrowser/ | source : cve@mitre.org
https://github.com/filebrowser/filebrowser/commit/b508ac3d4f7f0f75d6b49c99bdc661a6d2173f30 | source : cve@mitre.org
https://github.com/filebrowser/filebrowser/issues/2570 | source : cve@mitre.org


Vulnerability ID : CVE-2023-39777

First published on : 16-09-2023 01:15:08
Last modified on : 16-09-2023 01:15:08

Description :
A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter.

CVE ID : CVE-2023-39777
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/GiongfNef/8fe658dce4c7fcf3a7b4e6387e50141c | source : cve@mitre.org


Vulnerability ID : CVE-2023-42336

First published on : 16-09-2023 01:15:08
Last modified on : 16-09-2023 01:15:08

Description :
An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component.

CVE ID : CVE-2023-42336
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/adhikara13/CVE/blob/main/netis_WF2409E/Root_Hard_Code.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-41157

First published on : 16-09-2023 06:15:07
Last modified on : 16-09-2023 06:15:07

Description :
Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the folder name parameter while creating the folder to manage the folder tab, filter tab, and forward mail tab.

CVE ID : CVE-2023-41157
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41157 | source : cve@mitre.org
https://webmin.com/tags/webmin-changelog/ | source : cve@mitre.org


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports

Securitricks

Great! Youโ€™ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Securitricks.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.