The Ruijie Reyee Cloud Web Controller allows the user to use a diagnostic tool which includes a ping check to ensure connection to the intended network, but the ip address input form is not validated properly and allows the user to perform OS command injection. In other side, Ruijie Reyee Cloud based Device will make polling request to Ruijie Reyee CWMP server to ask if there's any command from web controller need to be executed. After analyze the network capture that come from the device, the connection for pooling request to Ruijie Reyee CWMP server is unencrypted HTTP request. Because of unencrypted HTTP request that come from Ruijie Reyee Cloud based Device, attacker could make fake server using Man-in-The-Middle (MiTM) attack and send arbitrary commands to execute on the cloud based device that make CWMP request to fake server. Once the attacker have gained access, they can execute arbitrary commands on the system or application, potentially compromising sensitive data, installing malware, or taking control of the system.
Media Library Assistant Wordpress Plugin in version < 3.10 is affected by an unauthenticated remote reference to Imagick() conversion which allows attacker to perform LFI and RCE depending on the Imagick configuration on the remote server. The affected page is: wp-content/plugins/media-library-assistant/includes/mla-stream-image.php
This exploit allows an attacker to execute arbitrary JavaScript code on the target Wordpress website. By adding a malicious payload in the comment section of a published playlist, the attacker can trigger the XSS vulnerability and potentially perform actions on behalf of the user.
The BoidCMS v2.0.0 allows authenticated users to upload files, which can lead to remote code execution. This vulnerability can be exploited by an attacker with valid admin credentials to upload a malicious PHP shell script and execute arbitrary commands on the server. The vulnerability has been assigned CVE-2023-38836.
A low-privilege user who holds a role that has the `edit_user` capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.
The location_id parameter in Shuttle-Booking-Software v1.0 is vulnerable to SQL injection attacks. An attacker can exploit this vulnerability to steal information from the database.
This exploit allows an unauthenticated user to create an admin account in Crypto Currency Tracker (CCT) version 9.5. By sending a POST request to the /en/user/register endpoint with the required parameters, the attacker can create a new admin account without proper authentication.
The Online ID Generator 1.0 software is vulnerable to remote code execution (RCE) due to a bypass login SQL injection vulnerability and a shell upload exploit. An attacker can exploit these vulnerabilities to execute arbitrary code on the target system.
The Webedition CMS v2.9.8.8 is vulnerable to a blind Server-Side Request Forgery (SSRF) attack. An attacker can exploit this vulnerability by sending a crafted request to the rpc.php file, specifically the widgetGetRss function. By manipulating the we_cmd[0] parameter, an attacker can make the server send a request to a specified URL, potentially bypassing access controls and retrieving sensitive information.
Under certain conditions, an authenticated privileged user can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server.
Services By CQR
