Security Vulnerabilities - CVEs Published In November 2023
Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support.This issue affects KB Support: from n/a through 1.5.84.
CVSS Score
8.8
EPSS Score
0.007
Published
2023-11-07
Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft.This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0.
CVSS Score
8.8
EPSS Score
0.007
Published
2023-11-07
A local non-privileged user can make improper GPU memory processing operations. If the operations are carefully prepared, then they could be used to gain access to already freed memory.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-11-07
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
CVSS Score
6.1
EPSS Score
0.894
Published
2023-11-07
In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server application.
CVSS Score
9.1
EPSS Score
0.0
Published
2023-11-07
Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenderd 1003 Mortgage Application.This issue affects 1003 Mortgage Application: from n/a through 1.75.
CVSS Score
9.8
EPSS Score
0.007
Published
2023-11-07
Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9.
CVSS Score
8.8
EPSS Score
0.007
Published
2023-11-07
RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-11-07
RemoteClinic version 2.0 contains a SQL injection vulnerability in the /staff/edit.php file.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-11-07
RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input validation and access control in the staff/register.php endpoint and the edit-my-profile.php page. By sending a series of specially crafted requests to the RemoteClinic application, an attacker can create admin users with more privileges than their own, upload a PHP file containing arbitrary code, and execute arbitrary commands via the PHP shell.
CVSS Score
8.8
EPSS Score
0.051
Published
2023-11-07