» 2023 » 7월

CVE-2023-36091

Posted on 2023년 7월 31일2023년 8월 1일 by admin

CVE-2023-36091

** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Source: CVE-2023-36091

CVE-2023-36089

Posted on 2023년 7월 31일2023년 8월 1일 by admin

CVE-2023-36089

** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Source: CVE-2023-36089

CVE-2020-21881

Posted on 2023년 7월 31일2023년 8월 1일 by admin

CVE-2020-21881

Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modtify application data via article/admin/content/add.

Source: CVE-2020-21881

CVE-2020-21662

Posted on 2023년 7월 31일2023년 8월 1일 by admin

CVE-2020-21662

SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to run arbitrary SQL commands via XFF.

Source: CVE-2020-21662

CVE-2023-35861

Posted on 2023년 7월 31일2023년 7월 31일 by admin

CVE-2023-35861

A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject execute arbitrary commands as root on the BMC.

Source: CVE-2023-35861

CVE-2023-37647

Posted on 2023년 7월 31일2023년 7월 31일 by admin

CVE-2023-37647

SEMCMS v1.5 was discovered to contain a SQL injection vulnerability via the id parameter at /Ant_Suxin.php.

Source: CVE-2023-37647

CVE-2023-3292

Posted on 2023년 7월 31일2023년 7월 31일 by admin

CVE-2023-3292

The grid-kit-premium WordPress plugin before 2.2.0 does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Source: CVE-2023-3292

CVE-2023-3508

Posted on 2023년 7월 31일2023년 7월 31일 by admin

CVE-2023-3508

The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacks

Source: CVE-2023-3508

CVE-2023-3134

Posted on 2023년 7월 31일2023년 7월 31일 by admin

CVE-2023-3134

The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks.

Source: CVE-2023-3134

CVE-2023-3507

Posted on 2023년 7월 31일2023년 7월 31일 by admin

CVE-2023-3507

The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack

Source: CVE-2023-3507