CVE list 2024/5xxx

CVEs in group: 5xxx

CVE-2024-5043 (N/A)

CVE-2024-5044 (Emlog Pro setting.php unrestricted upload)

CVE-2024-5045 (Emlog Pro Cookie improper authentication)

CVE-2024-5046 (SourceCodester Online Birth Certificate Management System admin file access)

CVE-2024-5047 (SourceCodester Online Examination System registeracc.php sql injection)

CVE-2024-5048 (SourceCodester Student Management System controller.php unrestricted upload)

CVE-2024-5049 (code-projects Budget Management index.php sql injection)

CVE-2024-5050 (Codezips E-Commerce Site editproduct.php unrestricted upload)

CVE-2024-5051 (Wangshen SecGate 3600 ?g=log_import_save unrestricted upload)

CVE-2024-5052 (SourceCodester Gas Agency Management System edituser.php sql injection)

CVE-2024-5053 (Resource consumption vulnerability in Cerberus FTP Enterprise)

CVE-2024-5055 (Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.18 - Missing Authorization to Authenticated (Subscriber+) Mailchimp Integration Modification)

CVE-2024-5056 (Vulnerability of uncontrolled resource consumption in XAMPP)

CVE-2024-5057 (N/A)

CVE-2024-5058 (WordPress Easy Digital Downloads plugin <= 3.2.12 - SQL Injection vulnerability)

CVE-2024-5059 (WordPress Typing Text plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability)

CVE-2024-5060 (WordPress Event Monster Plugin <= 1.4.0 - Sensitive Data Exposure vulnerability)

CVE-2024-5061 (LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor <= 1.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting)

CVE-2024-5062 (Enfold <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wrapper_class and class Parameters)

CVE-2024-5063 (Reflected XSS through survey redirect parameter in zenml-io/zenml)

CVE-2024-5064 (PHPGurukul Online Course Registration System index.php sql injection)

CVE-2024-5065 (PHPGurukul Online Course Registration System news-details.php sql injection)

CVE-2024-5066 (PHPGurukul Online Course Registration System sql injection)

CVE-2024-5067 (PHPGurukul Online Course Registration System pincode-verification.php sql injection)

CVE-2024-5069 (Exposure of Sensitive Information to an Unauthorized Actor in GitLab)

CVE-2024-5071 (SourceCodester Simple Online Mens Salon Management System view_service.php sql injection)

CVE-2024-5072 (Bookster <= 1.1.0 - Unauthenticated Appointment Status Update)

CVE-2024-5073 (N/A)

CVE-2024-5074 (Essential Addons for Elementor <= 5.9.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Feed)

CVE-2024-5075 (WP eMember < 10.6.6 - Reflected XSS)

CVE-2024-5076 (WP eMember < 10.6.6 - Reflected XSS)

CVE-2024-5077 (WP eMember < 10.6.6 - Bulk Delete via CSRF)

CVE-2024-5079 (WP eMember < 10.6.6 - Stored XSS in Blacklist via CSRF)

CVE-2024-5080 (WP eMember < 10.6.7 - Unauthenticated Stored XSS via Member Registration)

CVE-2024-5081 (WP eMember < 10.6.6 - Admin+ Arbitrary File Upload)

CVE-2024-5082 (WP eMember <= v10.7.0 - Stored XSS via CSRF)

CVE-2024-5083 (Nexus Repository 2 – Remote Code Execution)

CVE-2024-5084 (Nexus Repository 2 – Stored XSS)

CVE-2024-5085 (Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution)

CVE-2024-5086 (Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated PHP Object Injection)

CVE-2024-5087 (Essential Addons for Elementor PRO – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.8.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Carousel Widget)

CVE-2024-5088 (Minimal Coming Soon – Coming Soon Page <= 2.38 - Missing Authorization to Limited Settings Change)

CVE-2024-5089 (Happy Addons for Elementor <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting)

CVE-2024-5090 (N/A)

CVE-2024-5091 (SiteOrigin Widgets Bundle <= 1.61.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via SiteOrigin Blog Widget)

CVE-2024-5092 (SKT Addons for Elementor <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate and Creative Slider Widgets)

CVE-2024-5093 (Elegant Addons for elementor <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Switcher, Slider, and Iconbox Widgets)

CVE-2024-5094 (SourceCodester Best House Rental Management System login.php sql injection)

CVE-2024-5095 (SourceCodester Best House Rental Management System view_payment.php sql injection)

CVE-2024-5096 (Victor Zsviot Camera MQTT Packet denial of service)

CVE-2024-5097 (Hipcam Device MAC Address wifi.mac information disclosure)

CVE-2024-5098 (SourceCodester Simple Inventory System tableedit.php#page=editprice cross-site request forgery)

CVE-2024-5099 (SourceCodester Simple Inventory System login.php sql injection)

CVE-2024-5100 (SourceCodester Simple Inventory System updateprice.php sql injection)

CVE-2024-5101 (SourceCodester Simple Inventory System tableedit.php sql injection)

CVE-2024-5102 (SourceCodester Simple Inventory System updateproduct.php sql injection)

CVE-2024-5103 (Elevation of Privilege via symlinked file in Avast Antivirus)

CVE-2024-5104 (Campcodes Complete Web-Based School Management System student_first_payment.php sql injection)

CVE-2024-5105 (Campcodes Complete Web-Based School Management System student_grade_wise.php sql injection)

CVE-2024-5106 (Campcodes Complete Web-Based School Management System student_payment_details.php sql injection)