Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2024
SQL injection vulnerability in the CIGESv2 system, through /ajaxConfigTotem.php, in the 'id' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query.
CVSS Score
9.8
EPSS Score
0.007
Published
2024-03-22
SQL injection vulnerability in the CIGESv2 system, through /ajaxSubServicios.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query.
CVSS Score
9.8
EPSS Score
0.007
Published
2024-03-22
SQL injection vulnerability in the CIGESv2 system, through /ajaxServiciosAtencion.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query.
CVSS Score
9.8
EPSS Score
0.007
Published
2024-03-22
An OS command injection vulnerability has been identified in LoadMaster.  An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection.
CVSS Score
8.4
EPSS Score
0.554
Published
2024-03-22
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.
CVSS Score
9.8
EPSS Score
0.229
Published
2024-03-22
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.
CVSS Score
8.4
EPSS Score
0.047
Published
2024-03-22
SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface.
CVSS Score
6.3
EPSS Score
0.006
Published
2024-03-22
SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice() function of the Goodsbatchset.php component.
CVSS Score
8.8
EPSS Score
0.008
Published
2024-03-22
SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea() function of the Address.php component.
CVSS Score
5.4
EPSS Score
0.005
Published
2024-03-22
Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.
CVSS Score
8.2
EPSS Score
0.002
Published
2024-03-22


Contact Us

Shodan ® - All rights reserved