Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2024
CVE-2024-35083
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysLoginInfoMapper.xml.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-05-23
CVE-2024-35084
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysMsgPushMapper.xml.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-05-23
CVE-2024-35085
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in ProcessDefinitionMapper.xml.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-05-23
CVE-2024-35086
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in BpmTaskFromMapper.xml .
CVSS Score
9.8
EPSS Score
0.002
Published
2024-05-23
CVE-2024-34927
A SQL injection vulnerability in /model/update_classroom.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-05-23
CVE-2024-34928
A SQL injection vulnerability in /model/update_subject_routing.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the grade parameter.
CVSS Score
7.3
EPSS Score
0.001
Published
2024-05-23
CVE-2024-34929
A SQL injection vulnerability in /view/find_friends.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the my_index parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-05-23
CVE-2024-34930
A SQL injection vulnerability in /model/all_events1.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the month parameter.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-05-23
CVE-2024-34931
A SQL injection vulnerability in /model/update_subject.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-05-23
CVE-2024-5085
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input in the 'process_entry' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
CVSS Score
8.1
EPSS Score
0.044
Published
2024-05-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved