|
2441
|
- |
|
-
|
-
|
A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /blog-details.php. The manipul…
|
CWE-89
CWE-74
SQL Injection
Injection
|
CVE-2024-13204
|
2025-01-9 12:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2442
|
- |
|
-
|
-
|
A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is pos…
|
CWE-352
CWE-862
Origin Validation Error
Missing Authorization
|
CVE-2024-13203
|
2025-01-9 12:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2443
|
- |
|
-
|
-
|
A vulnerability was found in wander-chu SpringBoot-Blog 1.0 and classified as problematic. This issue affects the function modifiyArticle of the file src/main/java/com/my/blog/website/controller/admi…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2024-13202
|
2025-01-9 12:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2444
|
- |
|
-
|
-
|
A vulnerability has been found in wander-chu SpringBoot-Blog 1.0 and classified as critical. This vulnerability affects the function upload of the file src/main/java/com/my/blog/website/controller/ad…
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-13201
|
2025-01-9 12:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2445
|
- |
|
-
|
-
|
A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInter…
|
CWE-284
CWE-266
Improper Access Control
Incorrect Privilege Assignment
|
CVE-2024-13200
|
2025-01-9 12:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2446
|
- |
|
-
|
-
|
The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.
|
-
|
CVE-2024-37372
|
2025-01-9 10:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2447
|
- |
|
-
|
-
|
Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the sh…
|
-
|
CVE-2024-27980
|
2025-01-9 10:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2448
|
- |
|
-
|
-
|
A vulnerability classified as problematic was found in langhsu Mblog Blog System 3.5.0. Affected by this vulnerability is an unknown functionality of the file /search of the component Search Bar. The…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2024-13199
|
2025-01-9 10:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2449
|
- |
|
-
|
-
|
A vulnerability classified as problematic has been found in langhsu Mblog Blog System 3.5.0. Affected is an unknown function of the file /login. The manipulation leads to observable response discrepa…
|
CWE-203
CWE-204
Information Exposure Through Discrepancy
Response Discrepancy Information Exposure
|
CVE-2024-13198
|
2025-01-9 10:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2450
|
- |
|
-
|
-
|
ActiveSupport::EncryptedFile writes contents that will be encrypted to a
temporary file. The temporary file's permissions are defaulted to the user's
current `umask` settings, meaning that it's po…
|
-
|
CVE-2023-38037
|
2025-01-9 10:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
