CVEbaza.plSłownik CWECWE-707
Common Weakness Enumeration

CWE-707

Improper Neutralization

Kategoria: PillarCVE: 253
Opis

Produkt nie zapewnia lub nieprawidłowo zapewnia, że strukturalne wiadomości lub dane są poprawnie sformułowane i spełniają określone właściwości bezpieczeństwa przed odczytaniem z komponentu nadrzędnego lub wysłaniem do komponentu podrzędnego.

Description (EN)

The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.

Podatności CVE z CWE-707 (253)
9.2
CVSS
CRITICAL
CVE-2024-10914

Krytyczna podatność typu command injection została odkryta w urządzeniach NAS firmy D-Link (modele DNS-320, DNS-320LW, DNS-325 i DNS-340L). Umożliwia zdalnemu atakującemu wykonanie dowolnych poleceń systemu operacyjnego bez uwierzytelnienia.

pub. 2024-11-06
9.2
CVSS
CRITICAL
CVE-2024-10915

Krytyczna podatność typu command injection w urządzeniach NAS D-Link DNS-320, DNS-320LW, DNS-325 i DNS-340L pozwala zdalnemu atakującemu na wykonanie dowolnych poleceń systemowych. Exploit został ujawniony publicznie i może być wykorzystany przez nieuprawnione osoby.

pub. 2024-11-06
8.8
CVSS
HIGH
CVE-2023-42773

Improper neutralization in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

pub. 2024-05-16
8.8
CVSS
HIGH
CVE-2023-46689

Improper neutralization in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

pub. 2024-05-16
8.7
CVSS
HIGH
CVE-2020-11026

In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).

pub. 2020-04-30
7.8
CVSS
HIGH
CVE-2024-43572

Microsoft Management Console Remote Code Execution Vulnerability

pub. 2024-10-08🚩 CISA KEV⚡ EXPLOIT
7.8
CVSS
HIGH
CVE-2024-21864

Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.5081 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent network access.

pub. 2024-05-16
7.5
CVSS
HIGH
CVE-2023-6123

Improper Neutralization vulnerability affects OpenText ALM Octane version 16.2.100 and above. The vulnerability could result in a remote code execution attack.

pub. 2024-02-15
7.5
CVSS
HIGH
CVE-2019-10052

An issue was discovered in Suricata 4.1.3. If the network packet does not have the right length, the parser tries to access a part of a DHCP packet. At this point, the Rust environment runs into a panic in parse_clientid_option in the dhcp/parser.rs file.

pub. 2019-08-28
7.5
CVSS
HIGH
CVE-2018-3918

An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync' operation, leading to arbitrary deletion of cameras. An attacker can send an HTTP request to trigger this vulnerability.

pub. 2018-08-27
7.3
CVSS
HIGH
CVE-2022-4088

A vulnerability was found in rickxy Stock Management System and classified as critical. Affected by this issue is some unknown functionality of the file /pages/processlogin.php. The manipulation of the argument user/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214322 is the identifier assigned to this vulnerability.

pub. 2022-11-24
7.3
CVSS
HIGH
CVE-2022-3972

A vulnerability was found in Pingkon HMS-PHP. It has been rated as critical. This issue affects some unknown processing of the file admin/adminlogin.php. The manipulation of the argument uname/pass leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213551.

pub. 2022-11-13
7.3
CVSS
HIGH
CVE-2022-3973

A vulnerability classified as critical has been found in Pingkon HMS-PHP. Affected is an unknown function of the file /admin/admin.php of the component Data Pump Metadata. The manipulation of the argument uname/pass leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213552.

pub. 2022-11-13
7.3
CVSS
HIGH
CVE-2022-3955

A vulnerability was found in tholum crm42. It has been rated as critical. This issue affects some unknown processing of the file crm42\class\class.user.php of the component Login. The manipulation of the argument user_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213461 was assigned to this vulnerability.

pub. 2022-11-11
7.3
CVSS
HIGH
CVE-2022-3878

A vulnerability classified as critical has been found in Maxon ERP. This affects an unknown part of the file /index.php/purchase_order/browse_data. The manipulation of the argument tb_search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213039.

pub. 2022-11-07
7.3
CVSS
HIGH
CVE-2022-3583

A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument business leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-211192.

pub. 2022-10-18
7.3
CVSS
HIGH
CVE-2022-3495

A vulnerability has been found in SourceCodester Simple Online Public Access Catalog 1.0 and classified as critical. This vulnerability affects unknown code of the file /opac/Actions.php?a=login of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210784.

pub. 2022-10-14
7.0
CVSS
HIGH
CVE-2025-26633

Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

pub. 2025-03-11🚩 CISA KEV⚡ EXPLOIT
6.9
CVSS
MEDIUM
CVE-2025-24921

Improper neutralization for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable information disclosure via adjacent access.

pub. 2025-08-12
6.9
CVSS
MEDIUM
CVE-2025-0697

A vulnerability, which was classified as problematic, was found in Telstra Smart Modem Gen 2 up to 20250115. This affects an unknown part of the component HTTP Header Handler. The manipulation of the argument Content-Disposition leads to injection. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

pub. 2025-01-24
Pokazano 20 z 253 podatności
Informacje
ID: CWE-707
Typ: Pillar
Podatności: 253
MITRE CWE ↗
← Słownik CWE