Security Vulnerabilities - CVEs Published In August 2024
A vulnerability was found in ZZCMS 2023. It has been declared as critical. This vulnerability affects unknown code of the file /I/list.php. The manipulation of the argument skin leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
5.3
EPSS Score
0.024
Published
2024-08-19
A vulnerability was found in ZZCMS 2023. It has been rated as problematic. This issue affects some unknown processing of the file 3/E_bak5.1/upload/eginfo.php. The manipulation of the argument phome with the input ShowPHPInfo leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-08-19
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 10.8.1.
CVSS Score
4.7
EPSS Score
0.002
Published
2024-08-19
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bit Apps Bit Form Pro allows File Manipulation.This issue affects Bit Form Pro: from n/a through 2.6.4.
CVSS Score
8.6
EPSS Score
0.002
Published
2024-08-19
Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form Pro allows Command Injection.This issue affects Bit Form Pro: from n/a through 2.6.4.
CVSS Score
9.9
EPSS Score
0.019
Published
2024-08-19
Incorrect Authorization vulnerability in Bit Apps Bit Form Pro bitformpro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bit Form Pro: from n/a through 2.6.4.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-08-19
Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro.This issue affects Ultimate Membership Pro: from n/a through <= 12.7.
CVSS Score
10.0
EPSS Score
0.006
Published
2024-08-19
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible for a user without Script or Programming rights to craft a URL pointing to a page with arbitrary JavaScript. This requires social engineer to trick a user to follow the URL. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0.
CVSS Score
9.0
EPSS Score
0.057
Published
2024-08-19
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user without script/programming right can trick a user with elevated rights to edit a content with a malicious payload using a WYSIWYG editor. The user with elevated rights is not warned beforehand that they are going to edit possibly dangerous content. The payload is executed at edit time. This vulnerability has been patched in XWiki 15.10RC1.
CVSS Score
9.0
EPSS Score
0.015
Published
2024-08-19
An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the cookie's parameter
CVSS Score
9.8
EPSS Score
0.144
Published
2024-08-19