Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2024
CVE-2024-33402
A SQL injection vulnerability in /model/approve_petty_cash.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.
CVSS Score
8.1
EPSS Score
0.002
Published
2024-05-28
CVE-2024-35403
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setIpPortFilterRules
CVSS Score
2.7
EPSS Score
0.0
Published
2024-05-28
CVE-2024-34852
F-logic DataCube3 v1.0 is affected by command injection due to improper string filtering at the command execution point in the ./admin/transceiver_schedule.php file. An unauthenticated remote attacker can exploit this vulnerability by sending a file name containing command injection. Successful exploitation of this vulnerability may allow the attacker to execute system commands.
CVSS Score
6.3
EPSS Score
0.008
Published
2024-05-28
CVE-2024-34854
F-logic DataCube3 v1.0 is vulnerable to File Upload via `/admin/transceiver_schedule.php.`
CVSS Score
9.8
EPSS Score
0.009
Published
2024-05-28
CVE-2024-35401
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.
CVSS Score
5.9
EPSS Score
0.001
Published
2024-05-28
CVE-2024-33800
A SQL injection vulnerability in /model/get_student1.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-05-28
CVE-2024-33801
A SQL injection vulnerability in /model/get_subject_routing.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-05-28
CVE-2024-33802
A SQL injection vulnerability in /model/get_student_subject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-05-28
CVE-2024-33803
A SQL injection vulnerability in /model/get_exam.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-05-28
CVE-2024-33804
A SQL injection vulnerability in /model/get_subject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-05-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved