Security Vulnerabilities - CVEs Published In May 2024
LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands.
CVSS Score
9.3
EPSS Score
0.011
Published
2024-05-30
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the permissions of managing users, can create a new admin user.
CVSS Score
8.1
EPSS Score
0.001
Published
2024-05-30
A SQL injection vulnerability in /hrm/index.php in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-05-30
A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter.
CVSS Score
9.8
EPSS Score
0.008
Published
2024-05-30
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=view_item. Manipulating the argument id can result in SQL injection.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-05-30
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via BaseMediaFile. An authenticated user can delete local files from the server which can lead to DoS.
CVSS Score
7.1
EPSS Score
0.007
Published
2024-05-30
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord.
CVSS Score
6.5
EPSS Score
0.005
Published
2024-05-30
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the server. NOTE: Third parties have indicated other versions are also vulnerable including up to 6.4.1.
CVSS Score
7.5
EPSS Score
0.03
Published
2024-05-30
MeterSphere is a test management and interface testing tool. In affected versions users without workspace permissions can view functional test cases of other workspaces beyond their authority. This issue has been addressed in version 2.10.15-lts. Users of MeterSphere are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Score
3.5
EPSS Score
0.003
Published
2024-05-30
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /admin/category/view_category.php. Manipulating the argument id can result in SQL injection.
CVSS Score
9.8
EPSS Score
0.005
Published
2024-05-30