Security Vulnerabilities - CVEs Published In October 2024
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list.
CVSS Score: 7.2; EPSS Score: 0.002; Published: 2024-10-25
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit.
CVSS Score: 7.2; EPSS Score: 0.002; Published: 2024-10-25
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist.
CVSS Score: 7.2; EPSS Score: 0.002; Published: 2024-10-25
Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile.
CVSS Score: 4.9; EPSS Score: 0.002; Published: 2024-10-25
Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile.
CVSS Score: 6.5; EPSS Score: 0.001; Published: 2024-10-25
Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield.
CVSS Score: 7.2; EPSS Score: 0.001; Published: 2024-10-25
Werkzeug is a Web Server Gateway Interface web application library. On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potentially allowing unintended access to data. Applications using Python >= 3.11, or not using Windows, are not vulnerable. Werkzeug version 3.0.6 contains a patch.
CVSS Score: 6.3; EPSS Score: 0.014; Published: 2024-10-25
Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. A specifically crafted form submission request can cause the parser to allocate and block 3 to 8 times the upload size in main memory. There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. Werkzeug version 3.0.6 fixes this issue.
CVSS Score: 6.9; EPSS Score: 0.011; Published: 2024-10-25
MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page.
CVSS Score: 4.6; EPSS Score: 0.002; Published: 2024-10-25
An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows attackers to execute arbitrary code via a crafted file.
CVSS Score: 8.8; EPSS Score: 0.006; Published: 2024-10-25

