Update Fri Jun 7 18:07:12 UTC 2024

trickest · Jun 7, 2024 · fcf8081 · fcf8081
1 parent 18d38c7
commit fcf8081
Show file tree

Hide file tree

Showing 9 changed files with 14 additions and 6 deletions.
diff --git a/2024/CVE-2024-0252.md b/2024/CVE-2024-0252.md
@@ -1,7 +1,7 @@
 ### [CVE-2024-0252](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0252)
 ![](https://img.shields.io/static/v1?label=Product&message=ADSelfService%20Plus&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)
 
 ### Description
 

diff --git a/2024/CVE-2024-0253.md b/2024/CVE-2024-0253.md
@@ -1,7 +1,7 @@
 ### [CVE-2024-0253](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0253)
 ![](https://img.shields.io/static/v1?label=Product&message=ADAudit%20Plus&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
 
 ### Description
 

diff --git a/2024/CVE-2024-0269.md b/2024/CVE-2024-0269.md
@@ -1,7 +1,7 @@
 ### [CVE-2024-0269](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0269)
 ![](https://img.shields.io/static/v1?label=Product&message=ADAudit%20Plus&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
 
 ### Description
 

diff --git a/2024/CVE-2024-21775.md b/2024/CVE-2024-21775.md
@@ -1,7 +1,7 @@
 ### [CVE-2024-21775](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21775)
 ![](https://img.shields.io/static/v1?label=Product&message=Exchange%20Reporter%20Plus&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
 
 ### Description
 

diff --git a/2024/CVE-2024-24399.md b/2024/CVE-2024-24399.md
@@ -11,6 +11,7 @@ An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated att
 
 #### Reference
 - https://packetstormsecurity.com/files/176647/Lepton-CMS-7.0.0-Remote-Code-Execution.html
+- https://www.exploit-db.com/exploits/51949
 
 #### Github
 - https://github.com/capture0x/My-CVE

diff --git a/2024/CVE-2024-24520.md b/2024/CVE-2024-24520.md
@@ -10,7 +10,8 @@ An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://packetstormsecurity.com/files/176647/Lepton-CMS-7.0.0-Remote-Code-Execution.html
+- https://www.exploit-db.com/exploits/51949
 
 #### Github
 - https://github.com/nomi-sec/PoC-in-GitHub

diff --git a/2024/CVE-2024-25415.md b/2024/CVE-2024-25415.md
@@ -12,6 +12,7 @@ A remote code execution (RCE) vulnerability in /admin/define_language.php of CE
 #### Reference
 - https://github.com/capture0x/Phoenix
 - https://packetstormsecurity.com/files/175913/CE-Phoenix-1.0.8.20-Remote-Command-Execution.html
+- https://www.exploit-db.com/exploits/51957
 
 #### Github
 - https://github.com/capture0x/My-CVE

diff --git a/2024/CVE-2024-27622.md b/2024/CVE-2024-27622.md
@@ -10,7 +10,7 @@ A remote code execution vulnerability has been identified in the User Defined Ta
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://packetstormsecurity.com/files/177241/CMS-Made-Simple-2.2.19-Remote-Code-Execution.html
 
 #### Github
 - https://github.com/capture0x/My-CVE

diff --git a/references.txt b/references.txt
@@ -95061,6 +95061,7 @@ CVE-2024-24396 - https://cves.at/posts/cve-2024-24396/writeup/
 CVE-2024-24397 - https://cves.at/posts/cve-2024-24397/writeup/
 CVE-2024-24398 - https://cves.at/posts/cve-2024-24398/writeup/
 CVE-2024-24399 - https://packetstormsecurity.com/files/176647/Lepton-CMS-7.0.0-Remote-Code-Execution.html
+CVE-2024-24399 - https://www.exploit-db.com/exploits/51949
 CVE-2024-2441 - https://wpscan.com/vulnerability/9647e273-5724-4a02-868d-9b79f4bb2b79/
 CVE-2024-2444 - https://wpscan.com/vulnerability/214e5fd7-8684-418a-b67d-60b1dcf11a48/
 CVE-2024-24468 - https://github.com/tang-0717/cms/blob/main/3.md
@@ -95077,6 +95078,8 @@ CVE-2024-24506 - https://bugs.limesurvey.org/bug_relationship_graph.php?bug_id=1
 CVE-2024-24506 - https://www.exploit-db.com/exploits/51926
 CVE-2024-24511 - https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-24511%20-%3E%20Stored%20XSS%20in%20input%20Title%20of%20the%20Component
 CVE-2024-24512 - https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-24512%20-%3E%20Stored%20XSS%20in%20input%20SubTitle%20of%20the%20Component
+CVE-2024-24520 - https://packetstormsecurity.com/files/176647/Lepton-CMS-7.0.0-Remote-Code-Execution.html
+CVE-2024-24520 - https://www.exploit-db.com/exploits/51949
 CVE-2024-24524 - https://github.com/harryrabbit5651/cms/blob/main/1.md
 CVE-2024-2453 - https://www.cisa.gov/news-events/ics-advisories/icsa-24-081-01
 CVE-2024-24543 - https://github.com/TimeSeg/IOT_CVE/blob/main/tenda/AC9V3/0130/setSchedWifi.md
@@ -95260,6 +95263,7 @@ CVE-2024-25414 - https://github.com/capture0x/CSZ_CMS
 CVE-2024-25414 - https://packetstormsecurity.com/files/175889/CSZ-CMS-1.3.0-Shell-Upload.html
 CVE-2024-25415 - https://github.com/capture0x/Phoenix
 CVE-2024-25415 - https://packetstormsecurity.com/files/175913/CE-Phoenix-1.0.8.20-Remote-Command-Execution.html
+CVE-2024-25415 - https://www.exploit-db.com/exploits/51957
 CVE-2024-25417 - https://github.com/Carl0724/cms/blob/main/3.md
 CVE-2024-25418 - https://github.com/Carl0724/cms/blob/main/2.md
 CVE-2024-25419 - https://github.com/Carl0724/cms/blob/main/1.md
@@ -95538,6 +95542,7 @@ CVE-2024-2761 - https://wpscan.com/vulnerability/e092ccdc-7ea1-4937-97b7-4cdbff5
 CVE-2024-27619 - https://github.com/ioprojecton/dir-3040_dos
 CVE-2024-27619 - https://www.dlink.com/en/security-bulletin/
 CVE-2024-27620 - https://packetstormsecurity.com/files/177506/Ladder-0.0.21-Server-Side-Request-Forgery.html
+CVE-2024-27622 - https://packetstormsecurity.com/files/177241/CMS-Made-Simple-2.2.19-Remote-Code-Execution.html
 CVE-2024-27625 - https://packetstormsecurity.com/files/177243/CMS-Made-Simple-2.2.19-Cross-Site-Scripting.html
 CVE-2024-27626 - https://packetstormsecurity.com/files/177239/Dotclear-2.29-Cross-Site-Scripting.html
 CVE-2024-27627 - https://packetstormsecurity.com/files/177254/SuperCali-1.1.0-Cross-Site-Scripting.html