Security Vulnerabilities - CVEs Published In February 2024
Should an instance of AnythingLLM be hosted on an internal network and the attacker be explicitly granted a permission level of manager or admin, they could link-scrape internally resolving IPs of other services that are on the same network as AnythingLLM. This would require the attacker also to be able to guess these internal IPs, as `/*` ranging is not possible, but they could be brute forced. There is a duty of care that other services on the same network would not be fully open and accessible via a simple cURL with zero authentication, as it is not possible to set headers or access via the link collector.
CVSS Score: 7.7 | EPSS Score: 0.002 | Published: 2024-02-27
The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 1.1.2 via the apply_layout function due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve arbitrary order data which may contain PII.
CVSS Score: 5.3 | EPSS Score: 0.004 | Published: 2024-02-27
The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the get_text_editor_content() function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2024-02-27
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Type Grid Widget Title in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score: 6.4 | EPSS Score: 0.001 | Published: 2024-02-27
An arbitrary file upload vulnerability in the Update/Edit Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2024-02-27
SQL injection vulnerability in Dynamic Lab Management System Project in PHP v.1.0 allows a remote attacker to execute arbitrary code via a crafted script.
CVSS Score: 8.6 | EPSS Score: 0.01 | Published: 2024-02-27
Code-projects Simple Stock System 1.0 is vulnerable to SQL Injection.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2024-02-27
Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via BookSBIN.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2024-02-27
Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Employment Status Information Update.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2024-02-27
Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via PublisherID.
CVSS Score: 8.3 | EPSS Score: 0.001 | Published: 2024-02-27
Shodan ® - All rights reserved