CVE-2024-6950

MEDIUM Year: 2024
CVSS v3 Score
6.3
Medium
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-94
View all →

Vulnerability Description

A vulnerability, which was classified as critical, has been found in Prain up to 1.3.0. Affected by this issue is some unknown functionality of the file /?import of the component HTTP POST Request Handler. The manipulation of the argument file leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272072.

Related Vulnerabilities

CVE-2017-18468

MEDIUM
CVSS:6.3(Medium)

cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232).

CWE-942017

CVE-2018-20931

MEDIUM
CVSS:6.3(Medium)

cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405).

CWE-942018

CVE-2019-1577

MEDIUM
CVSS:6.3(Medium)

Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML.

CWE-942019

CVE-2020-11056

MEDIUM
CVSS:6.3(Medium)

In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has...

CWE-942020

CVE-2023-26877

MEDIUM
CVSS:6.3(Medium)

File upload vulnerability found in Softexpert Excellence Suite v.2.1 allows attackers to execute arbitrary code via a .php file upload to the form/efms_exec_html/file_upload_parser.php endpoint.

CWE-942023

CVE-2023-27897

MEDIUM
CVSS:6.3(Medium)

In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an ...

CWE-942023