Security Vulnerabilities - CVEs Published In October 2024
Phpgurukul Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in admin/index.php via the username parameter.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2024-10-31

An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul's Beauty Parlour Management System v1.1 allows unauthorized access to the Personally Identifiable Information (PII) of other customers.
CVSS Score: 7.5 | EPSS Score: 0.0 | Published: 2024-10-31

Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution (RCE) as there is no restriction for uploading files with the .php8 extension.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2024-10-31

Studio-42 eLfinder 2.1.62 contains a filename restriction bypass leading to a persistent Cross-site Scripting (XSS) vulnerability.
CVSS Score: 6.1 | EPSS Score: 0.0 | Published: 2024-10-31

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ruequest_certificate function.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2024-10-31

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the acme_process function.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2024-10-31

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the sign_cacertificate function.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2024-10-31

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setup_cacertificate function.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2024-10-31

Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code Injection. This issue affects Podlove Podcast Publisher: from n/a through 4.1.13.
CVSS Score: 9.6 | EPSS Score: 0.0 | Published: 2024-10-31

Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds (Tweets Widget) allows Cross Site Request Forgery. This issue affects Custom Twitter Feeds (Tweets Widget): from n/a through 2.2.3.
CVSS Score: 5.4 | EPSS Score: 0.0 | Published: 2024-10-31

Shodan ® - All rights reserved