Latest vulnerabilities [Saturday, March 30, 2024]

Latest vulnerabilities [Saturday, March 30, 2024]
{{titre}}

Last update performed on 03/30/2024 at 11:57:12 PM

(1) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : wordfence.com

Vulnerability ID : CVE-2024-2086

First published on : 30-03-2024 05:15:35
Last modified on : 30-03-2024 05:15:35

Description :
The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX in all versions up to, and including, 1.3.8. This makes it possible for authenticated attackers to modify plugin settings as well as allowing full read/write/delete access to the Google Drive associated with the plugin.

CVE ID : CVE-2024-2086
Source : security@wordfence.com
CVSS Score : 10.0

References :
https://plugins.trac.wordpress.org/changeset/3051452/integrate-google-drive/tags/1.3.9/includes/class-ajax.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/a303c798-c206-426a-9a96-263c8c069bdb?source=cve | source : security@wordfence.com


(7) HIGH VULNERABILITIES [7.0, 8.9]

Source : wordfence.com

Vulnerability ID : CVE-2024-2047

First published on : 30-03-2024 05:15:35
Last modified on : 30-03-2024 05:15:35

Description :
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.6 via the render_raw function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other β€œsafe” file types can be uploaded and included.

CVE ID : CVE-2024-2047
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.0.5/widgets/testimonial/testimonial.php#L2458 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3054091/elementskit-lite/tags/3.0.7/widgets/testimonial/testimonial.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/413e6326-14c6-4734-8adc-114a7842c574?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-3018

First published on : 30-03-2024 12:15:07
Last modified on : 30-03-2024 12:15:07

Description :
The Essential Addons for Elementor plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.13 via deserialization of untrusted input from the 'error_resetpassword' attribute of the "Login | Register Form" widget (disabled by default). This makes it possible for authenticated attackers, with author-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

CVE ID : CVE-2024-3018
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://plugins.trac.wordpress.org/changeset/3060417/essential-addons-for-elementor-lite | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/342049e5-834e-4867-8174-01ca7bb0caa2?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-2948

First published on : 30-03-2024 08:15:07
Last modified on : 30-03-2024 08:15:07

Description :
The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'user_favorites' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes such as 'no_favorites'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-2948
Source : security@wordfence.com
CVSS Score : 7.2

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3061244%40favorites&new=3061244%40favorites&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/38a87046-9a46-40c2-b10d-d1a7d5ef8742?source=cve | source : security@wordfence.com


Source : huntr.dev

Vulnerability ID : CVE-2024-1522

First published on : 30-03-2024 18:15:45
Last modified on : 30-03-2024 18:15:45

Description :
I have activated the CORS because I had a development ui that uses another port number then I forgot to remove it. So what I just did is : - First removed the cors configuration that allows everyone to access it : before: ```python sio = socketio.AsyncServer(async_mode="asgi", cors_allowed_origins="*", ping_timeout=1200, ping_interval=30) # Enable CORS for every one ``` after: ```python cert_file_path = lollms_paths.personal_certificates/"cert.pem" key_file_path = lollms_paths.personal_certificates/"key.pem" if os.path.exists(cert_file_path) and os.path.exists(key_file_path): is_https = True else: is_https = False # Create a Socket.IO server sio = socketio.AsyncServer(async_mode="asgi", cors_allowed_origins=config.allowed_origins+[f"https://localhost:{config['port']}" if is_https else f"http://localhost:{config['port']}"], ping_timeout=1200, ping_interval=30) # Enable CORS for selected origins ``` - Second, I have updated lollms to have two modes (a headless mode and a ui mode). And updated the /execute_code to block if the server is headless or is exposed ```python @router.post("/execute_code") async def execute_code(request: Request): """ Executes Python code and returns the output. :param request: The HTTP request object. :return: A JSON response with the status of the operation. """ if lollmsElfServer.config.headless_server_mode: return {"status":False,"error":"Code execution is blocked when in headless mode for obvious security reasons!"} if lollmsElfServer.config.host=="0.0.0.0": return {"status":False,"error":"Code execution is blocked when the server is exposed outside for very obvipous reasons!"} try: data = (await request.json()) code = data["code"] discussion_id = int(data.get("discussion_id","unknown_discussion")) message_id = int(data.get("message_id","unknown_message")) language = data.get("language","python") if language=="python": ASCIIColors.info("Executing python code:") ASCIIColors.yellow(code) return execute_python(code, discussion_id, message_id) if language=="javascript": ASCIIColors.info("Executing javascript code:") ASCIIColors.yellow(code) return execute_javascript(code, discussion_id, message_id) if language in ["html","html5","svg"]: ASCIIColors.info("Executing javascript code:") ASCIIColors.yellow(code) return execute_html(code, discussion_id, message_id) elif language=="latex": ASCIIColors.info("Executing latex code:") ASCIIColors.yellow(code) return execute_latex(code, discussion_id, message_id) elif language in ["bash","shell","cmd","powershell"]: ASCIIColors.info("Executing shell code:") ASCIIColors.yellow(code) return execute_bash(code, discussion_id, message_id) elif language in ["mermaid"]: ASCIIColors.info("Executing mermaid code:") ASCIIColors.yellow(code) return execute_mermaid(code, discussion_id, message_id) elif language in ["graphviz","dot"]: ASCIIColors.info("Executing graphviz code:") ASCIIColors.yellow(code) return execute_graphviz(code, discussion_id, message_id) return {"status": False, "error": "Unsupported language", "execution_time": 0} except Exception as ex: trace_exception(ex) lollmsElfServer.error(ex) return {"status":False,"error":str(ex)} ``` I also added an optional https mode and looking forward to add a full authentication with cookies and a personal session etc. All updates will be in V 9.1 Again, thanks alot for your work. I will make it harder next time, but if you find more bugs, just be my guest :)

CVE ID : CVE-2024-1522
Source : security@huntr.dev
CVSS Score : 8.8

References :
https://github.com/parisneo/lollms-webui/commit/0b51063119cfb5e391925d232a4af1de9dc32e2b | source : security@huntr.dev
https://huntr.com/bounties/687cef92-3432-4d6c-af92-868eccabbb71 | source : security@huntr.dev

Vulnerability : CWE-352


Source : vuldb.com

Vulnerability ID : CVE-2024-3085

First published on : 30-03-2024 09:15:22
Last modified on : 30-03-2024 09:15:22

Description :
A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login Page. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258678 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-3085
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_sqli.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.258678 | source : cna@vuldb.com
https://vuldb.com/?id.258678 | source : cna@vuldb.com
https://vuldb.com/?submit.306958 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-3087

First published on : 30-03-2024 11:15:50
Last modified on : 30-03-2024 11:15:50

Description :
A vulnerability, which was classified as critical, has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this issue is some unknown functionality of the file ambulance-tracking.php of the component Ambulance Tracking Page. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258680.

CVE ID : CVE-2024-3087
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_rce.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.258680 | source : cna@vuldb.com
https://vuldb.com/?id.258680 | source : cna@vuldb.com
https://vuldb.com/?submit.306961 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-3088

First published on : 30-03-2024 11:15:50
Last modified on : 30-03-2024 11:15:50

Description :
A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. This affects an unknown part of the file /admin/forgot-password.php of the component Forgot Password Page. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258681 was assigned to this vulnerability.

CVE ID : CVE-2024-3088
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_forgotpasssqli.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.258681 | source : cna@vuldb.com
https://vuldb.com/?id.258681 | source : cna@vuldb.com
https://vuldb.com/?submit.306962 | source : cna@vuldb.com

Vulnerability : CWE-89


(14) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : wordfence.com

Vulnerability ID : CVE-2024-0367

First published on : 30-03-2024 05:15:34
Last modified on : 30-03-2024 05:15:34

Description :
The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link field of an installed widget (e.g., 'Button Link') in all versions up to, and including, 1.5.96 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-0367
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3045122%40unlimited-elements-for-elementor&new=3045122%40unlimited-elements-for-elementor&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/47853750-0bf1-4df3-9c56-c6852543cfad?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1051

First published on : 30-03-2024 05:15:34
Last modified on : 30-03-2024 05:15:34

Description :
The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.89.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'title_tag'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1051
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.svn.wordpress.org/list-category-posts/trunk/include/lcp-catlistdisplayer.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3055332%40list-category-posts&new=3055332%40list-category-posts&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/a58cba26-a57e-4170-95bb-54ea7cfdb10c?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1238

First published on : 30-03-2024 05:15:34
Last modified on : 30-03-2024 05:15:34

Description :
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button ID parameter in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1238
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3054091%40elementskit-lite&new=3054091%40elementskit-lite&sfp_email=&sfph_mail=#file18 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/cf195cca-4e07-41ff-bf26-9ad5fca3635d?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1692

First published on : 30-03-2024 05:15:34
Last modified on : 30-03-2024 05:15:34

Description :
The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the meta description field in all versions up to, and including, 1.6.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1692
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3054618%40boldgrid-easy-seo&new=3054618%40boldgrid-easy-seo&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/0a308fde-1c44-4c34-ace5-6820dc949f53?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-2794

First published on : 30-03-2024 05:15:35
Last modified on : 30-03-2024 05:15:35

Description :
The Gutenberg Block Editor Toolkit – EditorsKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'editorskit' shortcode in all versions up to, and including, 1.40.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-2794
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3055320%40block-options&new=3055320%40block-options&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/814cce39-ef25-4d0f-b793-dca5c873f468?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-2140

First published on : 30-03-2024 07:15:08
Last modified on : 30-03-2024 07:15:08

Description :
The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Icons widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-2140
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3056561%40ultimate-addons-for-beaver-builder-lite&new=3056561%40ultimate-addons-for-beaver-builder-lite&sfp_email=&sfph_mail=#file2 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/a9c6c35f-1095-4897-b4a6-e7b295c187de?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-2141

First published on : 30-03-2024 07:15:09
Last modified on : 30-03-2024 07:15:09

Description :
The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-2141
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/ultimate-addons-for-beaver-builder-lite/trunk/modules/uabb-button/includes/frontend.php#L25 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3056561%40ultimate-addons-for-beaver-builder-lite&new=3056561%40ultimate-addons-for-beaver-builder-lite&sfp_email=&sfph_mail=#file2 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/61c3a517-70c8-4fc2-b8d6-1dcb2ad811d8?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-2142

First published on : 30-03-2024 07:15:09
Last modified on : 30-03-2024 07:15:09

Description :
The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Info Table widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-2142
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/ultimate-addons-for-beaver-builder-lite/trunk/modules/info-table/includes/frontend.php#L29 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3056561%40ultimate-addons-for-beaver-builder-lite&new=3056561%40ultimate-addons-for-beaver-builder-lite&sfp_email=&sfph_mail=#file2 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/8b6c6e10-3feb-4ecd-a17a-81e15c471d3d?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-2143

First published on : 30-03-2024 07:15:09
Last modified on : 30-03-2024 07:15:09

Description :
The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-2143
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3056561%40ultimate-addons-for-beaver-builder-lite&new=3056561%40ultimate-addons-for-beaver-builder-lite&sfp_email=&sfph_mail=#file2 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/2b290f4c-293d-41d5-b43e-b9c5c350552b?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-2144

First published on : 30-03-2024 07:15:10
Last modified on : 30-03-2024 07:15:10

Description :
The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Separator widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-2144
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/ultimate-addons-for-beaver-builder-lite/trunk/modules/image-separator/includes/frontend.php#L14 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3056561%40ultimate-addons-for-beaver-builder-lite&new=3056561%40ultimate-addons-for-beaver-builder-lite&sfp_email=&sfph_mail=#file2 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/552c0810-9687-4a66-91a4-e34228552a15?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-2491

First published on : 30-03-2024 10:15:07
Last modified on : 30-03-2024 10:15:07

Description :
The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the *_html_tag* attribute of multiple widgets in all versions up to, and including, 2.7.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-2491
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset/3053463/powerpack-lite-for-elementor | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/22c4b981-6135-4c44-aa68-f0d51704a68c?source=cve | source : security@wordfence.com


Source : vuldb.com

Vulnerability ID : CVE-2024-3084

First published on : 30-03-2024 08:15:07
Last modified on : 30-03-2024 08:15:07

Description :
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Hire an Ambulance Page. The manipulation of the argument Patient Name/Relative Name/Relative Phone Number/City/State/Message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258677 was assigned to this vulnerability.

CVE ID : CVE-2024-3084
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_sxss.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.258677 | source : cna@vuldb.com
https://vuldb.com/?id.258677 | source : cna@vuldb.com
https://vuldb.com/?submit.306957 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-3086

First published on : 30-03-2024 09:15:22
Last modified on : 30-03-2024 09:15:22

Description :
A vulnerability classified as problematic was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file ambulance-tracking.php of the component Ambulance Tracking Page. The manipulation of the argument searchdata leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258679.

CVE ID : CVE-2024-3086
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_rxss.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.258679 | source : cna@vuldb.com
https://vuldb.com/?id.258679 | source : cna@vuldb.com
https://vuldb.com/?submit.306960 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-3089

First published on : 30-03-2024 12:15:07
Last modified on : 30-03-2024 12:15:07

Description :
A vulnerability has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/manage-ambulance.php of the component Manage Ambulance Page. The manipulation of the argument del leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258682 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-3089
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_csrf.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.258682 | source : cna@vuldb.com
https://vuldb.com/?id.258682 | source : cna@vuldb.com
https://vuldb.com/?submit.306963 | source : cna@vuldb.com

Vulnerability : CWE-352


(2) LOW VULNERABILITIES [0.1, 3.9]

Source : vuldb.com

Vulnerability ID : CVE-2024-3090

First published on : 30-03-2024 13:15:45
Last modified on : 30-03-2024 13:15:45

Description :
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/add-ambulance.php of the component Add Ambulance Page. The manipulation of the argument Ambulance Reg No/Driver Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258683.

CVE ID : CVE-2024-3090
Source : cna@vuldb.com
CVSS Score : 2.4

References :
https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_authsxss.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.258683 | source : cna@vuldb.com
https://vuldb.com/?id.258683 | source : cna@vuldb.com
https://vuldb.com/?submit.306964 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-3091

First published on : 30-03-2024 14:15:07
Last modified on : 30-03-2024 14:15:07

Description :
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/search.php of the component Search Request Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258684.

CVE ID : CVE-2024-3091
Source : cna@vuldb.com
CVSS Score : 2.4

References :
https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_authrxss.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.258684 | source : cna@vuldb.com
https://vuldb.com/?id.258684 | source : cna@vuldb.com
https://vuldb.com/?submit.306965 | source : cna@vuldb.com

Vulnerability : CWE-79


(2) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2024-28288

First published on : 30-03-2024 01:15:47
Last modified on : 30-03-2024 01:15:47

Description :
Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise.

CVE ID : CVE-2024-28288
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/adminquit/CVE-2024-28288/blob/d8223c6d45af877669c27fa0a95adfe51924fa86/CVE-2024-28288/CVE-2024-28288.md | source : cve@mitre.org
https://pan.baidu.com/s/1H4J_eA6wSCnDEsUSAWIzsg?pwd=CVE1 | source : cve@mitre.org


Vulnerability ID : CVE-2024-29278

First published on : 30-03-2024 01:15:47
Last modified on : 30-03-2024 01:15:47

Description :
funboot v1.1 is vulnerable to Cross Site Scripting (XSS) via the title field in "create a message ."

CVE ID : CVE-2024-29278
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/QDming/cve/blob/main/cve | source : cve@mitre.org
https://github.com/funson86/funboot/issues/2 | source : cve@mitre.org


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports

Securitricks

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Securitricks.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.