CVE-2024-12946

CVE-2024-12946

Título es
CVE-2024-12946

Jue, 26/12/2024 – 10:15

Tipo
CWE-74

Gravedad v2.0
7.50

Gravedad 2.0 Txt
HIGH

Título en

CVE-2024-12946

Descripción en
A vulnerability, which was classified as critical, has been found in 1000 Projects Attendance Tracking Management System 1.0. This issue affects some unknown processing of the file /admin/admin_action.php. The manipulation of the argument admin_user_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

26/12/2024
26/12/2024
Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vector CVSS:2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P

Gravedad 4.0
6.90

Gravedad 4.0 txt
MEDIUM

Gravedad 3.1 (CVSS 3.1 Base Score)
7.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH

Referencias

  • https://1000projects.org/

  • https://github.com/vicleet/CVE/issues/1

  • https://vuldb.com/?ctiid_289307=

  • https://vuldb.com/?id_289307=

  • https://vuldb.com/?submit_468392=

    • Enviar en el boletín
    Off

    CVE-2024-12945

    CVE-2024-12945

    Título es
    CVE-2024-12945

    Jue, 26/12/2024 – 10:15

    Tipo
    CWE-74

    Gravedad v2.0
    7.50

    Gravedad 2.0 Txt
    HIGH

    Título en

    CVE-2024-12945

    Descripción en
    A vulnerability classified as critical was found in code-projects Simple Car Rental System 1.0. This vulnerability affects unknown code of the file /account.php. The manipulation of the argument email/pass leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

    26/12/2024
    26/12/2024
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:N/C:P/I:P/A:P

    Gravedad 4.0
    6.90

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://code-projects.org/

  • https://github.com/Wind-liberty/CVE/issues/3

  • https://vuldb.com/?ctiid_289306=

  • https://vuldb.com/?id_289306=

  • https://vuldb.com/?submit_468378=

    • Enviar en el boletín
    Off

    CVE-2024-12947

    CVE-2024-12947

    Título es
    CVE-2024-12947

    Jue, 26/12/2024 – 11:15

    Tipo
    CWE-74

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2024-12947

    Descripción en
    A vulnerability was found in Codezips Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /invo.php. The manipulation of the argument dname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

    26/12/2024
    26/12/2024
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/alc9700jmo/CVE/issues/3

  • https://vuldb.com/?ctiid_289310=

  • https://vuldb.com/?id_289310=

  • https://vuldb.com/?submit_468522=

    • Enviar en el boletín
    Off

    CVE-2024-47156

    CVE-2024-47156

    Título es
    CVE-2024-47156

    Jue, 26/12/2024 – 11:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-47156

    Descripción en
    Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

    26/12/2024
    26/12/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://www.honor.com/global/security/cve-2024-47156/

    • Enviar en el boletín
    Off

    CVE-2024-47151

    CVE-2024-47151

    Título es
    CVE-2024-47151

    Jue, 26/12/2024 – 11:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-47151

    Descripción en
    Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution

    26/12/2024
    26/12/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://www.honor.com/global/security/cve-2024-47151/

    • Enviar en el boletín
    Off

    CVE-2024-12948

    CVE-2024-12948

    Título es
    CVE-2024-12948

    Jue, 26/12/2024 – 11:15

    Tipo
    CWE-74

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2024-12948

    Descripción en
    A vulnerability was found in code-projects Travel Management System 1.0. It has been classified as critical. This affects an unknown part of the file /detail.php. The manipulation of the argument pid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

    26/12/2024
    26/12/2024
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://code-projects.org/

  • https://vuldb.com/?ctiid_289311=

  • https://vuldb.com/?id_289311=

  • https://vuldb.com/?submit_468538=

    • Enviar en el boletín
    Off

    CVE-2024-12938

    CVE-2024-12938

    Título es
    CVE-2024-12938

    Jue, 26/12/2024 – 06:15

    Tipo
    CWE-74

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2024-12938

    Descripción en
    A vulnerability has been found in code-projects Simple Admin Panel 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file updateOrderStatus.php. The manipulation of the argument record leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

    26/12/2024
    26/12/2024
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://code-projects.org/

  • https://vuldb.com/?ctiid_289291=

  • https://vuldb.com/?id_289291=

  • https://vuldb.com/?submit_468135=

    • Enviar en el boletín
    Off

    CVE-2024-12937

    CVE-2024-12937

    Título es
    CVE-2024-12937

    Jue, 26/12/2024 – 06:15

    Tipo
    CWE-74

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2024-12937

    Descripción en
    A vulnerability, which was classified as critical, was found in code-projects Simple Admin Panel 1.0. Affected is an unknown function of the file addVariationController.php. The manipulation of the argument qty leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

    26/12/2024
    26/12/2024
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://code-projects.org/

  • https://vuldb.com/?ctiid_289290=

  • https://vuldb.com/?id_289290=

  • https://vuldb.com/?submit_468134=

    • Enviar en el boletín
    Off

    CVE-2024-11223

    CVE-2024-11223

    Título es
    CVE-2024-11223

    Jue, 26/12/2024 – 06:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-11223

    Descripción en
    The WPForms WordPress plugin before 1.9.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

    26/12/2024
    26/12/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://wpscan.com/vulnerability/82989909-9745-4c9a-abc7-c1adf8c2b047/

    • Enviar en el boletín
    Off

    CVE-2024-10903

    CVE-2024-10903

    Título es
    CVE-2024-10903

    Jue, 26/12/2024 – 06:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-10903

    Descripción en
    The Broken Link Checker WordPress plugin before 2.4.2 does not validate a the link URLs before making a request to them, which could allow admin users to perform SSRF attack, for example on a multisite installation.

    26/12/2024
    26/12/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://wpscan.com/vulnerability/39027390-ce01-4dd5-a979-426785aa7acb/

    • Enviar en el boletín
    Off