Security Vulnerabilities - CVEs Published In March 2024
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6.
CVSS Score: 3.8 | EPSS Score: 0.005 | Published: 2024-03-26
The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'themify_post_slider' shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2024-03-26
SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-admin.php?admin_id=
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2024-03-26
SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-employee.php.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2024-03-26
The delete admin users function of SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2024-03-26
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without an extension, and the application will render it as HTML, which allows for XSS attacks.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2024-03-25
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, the web server will crash and need a manual restart to recover it.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2024-03-25
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, a disruption in the CIP communication will occur and a manual restart will be required by the user to recover it.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2024-03-25
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper traffic throttling in the device. If multiple data packets are sent to the device repeatedly, the device will crash and require a manual restart to recover.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2024-03-25
File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attacker to execute arbitrary code via uploading a crafted PHP file to the save.php and config.php component.
CVSS Score: 8.8 | EPSS Score: 0.023 | Published: 2024-03-25

