CVE-2024-9660
Published 2024-11-23
Priority: P357 · Severity: high · CVSS 3.1 base score: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.03% (59.4th percentile)
The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_load_documets_new() and mj_smgt_load_documets() functions in all versions up to, and including, 91.5.0. This makes it possible for authenticated attackers, with Student-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dasinfomedia | school_management_system | < 92.0.0 | 92.0.0 |
| dasinfomedia | school_management_system_for_wordpress | <= 91.5.0 | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| vendor_redhat | — | 8.4 | HIGH | — |
GHSA
GHSA-p8qg-gwmp-wh94 · ghsa_unreviewed · 2024-11-23
CVE-2024-9660 [HIGH] · CWE-434
The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_load_documets_new() and mj_smgt_load_documets() functions in all versions up to, and including, 91.5.0. This makes it possible for authenticated attackers, with Student-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Red Hat
CVE-2024-36600 [HIGH] · CWE-120 · vendor_redhat · 2024-06-14 · CVSS 8.4
libcdio: crafted iso image file leads to arbitrary code execution
Buffer Overflow Vulnerability in libcdio 2.2.0 (fixed in 2.3.0) allows an attacker to execute arbitrary code via a crafted ISO 9660 image file.
A buffer overflow vulnerability was found in libcdio development version, which allows an attacker to execute arbitrary code via a crafted ISO 9660 image file.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Package: libcdio (Red Hat Enterprise Linux 10) - Not affected
Package: python-pycdio (Red Hat Enterprise Linux 10) - Not affected
Package: libcdio (Red Hat Enterprise Linux 6) -
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-11-23