diff --git a/cves.json b/cves.json index c2f26c346e..cca64087ee 100644 --- a/cves.json +++ b/cves.json @@ -2471,6 +2471,7 @@ {"ID":"CVE-2024-27954","Info":{"Name":"WordPress Automatic Plugin \u003c3.92.1 - Arbitrary File Download and SSRF","Severity":"critical","Description":"WordPress Automatic plugin \u003c3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. This vulnerability has been patched in version 3.92.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-27954.yaml"} {"ID":"CVE-2024-27956","Info":{"Name":"WordPress Automatic Plugin \u003c= 3.92.0 - SQL Injection","Severity":"critical","Description":"The Automatic plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.92.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2024/CVE-2024-27956.yaml"} {"ID":"CVE-2024-28255","Info":{"Name":"OpenMetadata - Authentication Bypass","Severity":"critical","Description":"OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `JwtFilter` handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request's path is checked against this list. When the request's path contains any of the excluded endpoints the filter returns without validating the JWT. Unfortunately, an attacker may use Path Parameters to make any path contain any arbitrary strings. For example, a request to `GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/111` will match the excluded endpoint condition and therefore will be processed with no JWT validation allowing an attacker to bypass the authentication mechanism and reach any arbitrary endpoint, including the ones listed above that lead to arbitrary SpEL expression injection. This bypass will not work when the endpoint uses the `SecurityContext.getUserPrincipal()` since it will return `null` and will throw an NPE. This issue may lead to authentication bypass and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-237`.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-28255.yaml"} +{"ID":"CVE-2024-28397","Info":{"Name":"pyload-ng js2py - Remote Code Execution","Severity":"medium","Description":"An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-28397.yaml"} {"ID":"CVE-2024-28734","Info":{"Name":"Coda v.2024Q1 - Cross-Site Scripting","Severity":"medium","Description":"Cross Site Scripting vulnerability in Unit4 Financials by Coda v.2024Q1 allows a remote attacker to escalate privileges via a crafted script to the cols parameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-28734.yaml"} {"ID":"CVE-2024-2876","Info":{"Name":"Wordpress Email Subscribers by Icegram Express - SQL Injection","Severity":"critical","Description":"The Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress \u0026 WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, and including, 5.7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-2876.yaml"} {"ID":"CVE-2024-2879","Info":{"Name":"WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection","Severity":"high","Description":"The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-2879.yaml"} diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt index e316dfecd4..4984d3a061 100644 --- a/cves.json-checksum.txt +++ b/cves.json-checksum.txt @@ -1 +1 @@ -8658e0ae60111e9b8cc0c547a092c6ce +06b317a97cb6e8c63b4fb0ccf5c2ad6b