CVE list 2024/5xxx
CVEs in group: 5xxx
CVE-2024-5021 (N/A)
CVE-2024-5022 (WordPress Picture / Portfolio / Media Gallery <= 3.0.1 - Unauthenticated Server-Side Request Forgery)
CVE-2024-5023 (N/A)
CVE-2024-5024 (Arbitrary File Read Vulnerability in ConsoleMe via Limited Git command RCE)
CVE-2024-5025 (MemberPress <= 1.11.29 - Reflected Cross-Site Scripting via mepr_screenname and mepr_key Parameters)
CVE-2024-5028 (MemberPress <= 1.11.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via arglist Parameter)
CVE-2024-5029 (CM WordPress Search And Replace Plugin < 1.3.9 - Plugin Reset via CSRF)
CVE-2024-5030 (CM Table Of Contents – WordPress TOC Plugin < 1.2.4 - Stored XSS via CSRF)
CVE-2024-5031 (CM Table Of Contents – WordPress TOC Plugin < 1.2.3 - Settings Reset via CSRF)
CVE-2024-5032 (MemberPress <= 1.11.29 - Authenticated (Contributor+) Blind Server-Side Request Forgery via mepr-user-file Shortcode)
CVE-2024-5033 (SULly < 4.3.1 - Reflected XSS)
CVE-2024-5034 (SULly < 4.3.1 - Admin+ Stored XSS via CSRF)
CVE-2024-5035 (SULly < 4.3.1 - Plugin Reset via CSRF)
CVE-2024-5036 (TP-Link Archer C5400X – RFTest Unauthenticated Command Injection)
CVE-2024-5037 (Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting)
CVE-2024-5038 (Openshift/telemeter: iss check during jwt authentication can be bypassed)
CVE-2024-5039 (Colibri Page Builder <= 1.0.276 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode)
CVE-2024-5040 (HUSKY – Products Filter Professional for WooCommerce <= 1.3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode)
CVE-2024-5041 (LCDS LAquis SCADA Path Traversal)
CVE-2024-5042 (Happy Addons for Elementor <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion)
CVE-2024-5043 (Submariner-operator: rbac permissions can allow for the spread of node compromises)
CVE-2024-5044 (Emlog Pro setting.php unrestricted upload)
CVE-2024-5045 (Emlog Pro Cookie improper authentication)
CVE-2024-5046 (SourceCodester Online Birth Certificate Management System admin file access)
CVE-2024-5047 (SourceCodester Online Examination System registeracc.php sql injection)
CVE-2024-5048 (SourceCodester Student Management System controller.php unrestricted upload)
CVE-2024-5049 (code-projects Budget Management index.php sql injection)
CVE-2024-5050 (Codezips E-Commerce Site editproduct.php unrestricted upload)
CVE-2024-5051 (Wangshen SecGate 3600 ?g=log_import_save unrestricted upload)
CVE-2024-5052 (SourceCodester Gas Agency Management System edituser.php sql injection)
CVE-2024-5053 (Resource consumption vulnerability in Cerberus FTP Enterprise)
CVE-2024-5055 (Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.18 - Missing Authorization to Authenticated (Subscriber+) Mailchimp Integration Modification)
CVE-2024-5056 (Vulnerability of uncontrolled resource consumption in XAMPP)
CVE-2024-5057 (N/A)
CVE-2024-5058 (WordPress Easy Digital Downloads plugin <= 3.2.12 - SQL Injection vulnerability)
CVE-2024-5059 (WordPress Typing Text plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability)
CVE-2024-5060 (WordPress Event Monster Plugin <= 1.4.0 - Sensitive Data Exposure vulnerability)
CVE-2024-5061 (LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor <= 1.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting)
CVE-2024-5062 (Enfold <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wrapper_class and class Parameters)
CVE-2024-5063 (Reflected XSS through survey redirect parameter in zenml-io/zenml)