Skip to main content
CVE-2024-45622 CRITICAL POC THREAT Act Now

ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SQLi PHP
NVD GitHub
CVSS 3.1
9.8
EPSS
36.3%
CVE-2024-45623 CRITICAL Act Now

D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Buffer Overflow PHP Code Injection Apache +1
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-45522 CRITICAL PATCH Act Now

Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Linen
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-6919 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Nacpremium
NVD VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2024-43773 CRITICAL Act Now

SQL Injection in download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the cstr parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Easytest Online Test Platform
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-43772 CRITICAL Act Now

SQL Injection in download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the uid parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Easytest Online Test Platform
NVD
CVSS 4.0
9.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy