|
351
|
- |
|
-
|
-
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Abdul Hakeem Build App Online allows PHP Local File Inclusion.This issue affec…
New
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2024-49649
|
2025-01-7 20:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
352
|
- |
|
-
|
-
|
Incorrect Privilege Assignment vulnerability in AllAccessible Team Accessibility by AllAccessible allows Privilege Escalation.This issue affects Accessibility by AllAccessible: from n/a through 1.3.4.
New
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2024-49644
|
2025-01-7 20:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
353
|
- |
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress: from n/a thr…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-49633
|
2025-01-7 20:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
354
|
- |
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Bus Ticket Booking with Seat Reservation allows Cross Site Request Forgery.This issue affects Bus Ticket Booking with Seat Reservati…
New
|
CWE-352
Origin Validation Error
|
CVE-2024-49294
|
2025-01-7 20:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
355
|
- |
|
-
|
-
|
Path Traversal vulnerability in SMSA Express SMSA Shipping allows Path Traversal.This issue affects SMSA Shipping: from n/a through 2.3.
New
|
CWE-35
Path Traversal: '.../...//'
|
CVE-2024-49249
|
2025-01-7 20:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
356
|
- |
|
-
|
-
|
Deserialization of Untrusted Data vulnerability in Amento Tech Pvt ltd WPGuppy allows Object Injection.This issue affects WPGuppy: from n/a through 1.1.0.
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-49222
|
2025-01-7 20:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
357
|
- |
|
-
|
-
|
Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGlow JobBoard Job listing allows Upload a Web Shell to a Web Server.This issue affects JobBoard Job listing: from n/a through 1.2…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-43243
|
2025-01-7 20:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
358
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The WordPress File Upload plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wfu_ajax_action_read_subfolders' function in all versions up to, …
New
|
CWE-862
Missing Authorization
|
CVE-2024-12719
|
2025-01-7 19:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
359
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Service Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it p…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12699
|
2025-01-7 19:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
360
|
7.5 |
HIGH
Network
-
|
-
|
The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.5 via the 'mipl_wc_sync_download_log' action. This makes it possible for…
New
|
CWE-22
Path Traversal
|
CVE-2024-12152
|
2025-01-7 19:15 |
2025-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
