CVE-2024-39015

CRITICAL Year: 2024
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-94
View all →

Vulnerability Description

cafebazaar hod v0.4.14 was discovered to contain a prototype pollution via the function request. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

Related Vulnerabilities

CVE-2006-3136

CRITICAL
CVSS:9.8(Critical)

Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote attackers to execute arbitrary PHP code via a URL the DIR_LIBS parameter in (1) path/action.php, and to files in path/nu...

CWE-942006

CVE-2006-5021

CRITICAL
CVSS:9.8(Critical)

Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path parame...

CWE-942006

CVE-2006-5610

CRITICAL
CVSS:9.8(Critical)

PHP remote file inclusion vulnerability in player/includes/common.php in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40, allows remote attackers to execute arbitrary PHP code...

CWE-942006

CVE-2006-6975

CRITICAL
CVSS:9.8(Critical)

PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disp...

CWE-942006

CVE-2006-7105

CRITICAL
CVSS:9.8(Critical)

PHP remote file inclusion vulnerability in libs/Smarty.class.php in Smarty 2.6.9 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. NOTE: in the original disclo...

CWE-942006

CVE-2007-4290

CRITICAL
CVSS:9.8(Critical)

Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the script_root parameter to (1) delete.php, (2) edit.php, ...

CWE-942007