Zhongdongxu

#12999of 53,635
20.5Total CVSS
Vulnerabilities · 3
Medium
2
Critical
1
PT-2024-20318
9.8
2024-02-08
Supabase · Supabase Postgresql · CVE-2024-24213
**Name of the Vulnerable Software and Affected Versions** Supabase PostgreSQL version 15.1 **Description** A SQL injection issue was discovered via the component /pg meta/default/query. However, the vendor's position is that this is an intended feature, existing in the Supabase dashboard product for authorized users to enter SQL queries in a designated UI, with no injection occurring. **Recommendations** For Supabase PostgreSQL version 15.1, consider restricting access to the /pg meta/default/query component to authorized users only, as it is intended for use within a specific UI. Additionally, ensure that all SQL queries entered through this component are thoroughly validated and sanitized to prevent any potential issues. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-20319
5.3
2024-02-08
Cellinx · Cellinx Nvt Web Server · CVE-2024-24215
**Name of the Vulnerable Software and Affected Versions** Cellinx NVT Web Server version 5.0.0.014 **Description** An issue in the component /cgi-bin/GetJsonValue.cgi allows attackers to leak configuration information via a crafted POST request to the "GetJsonValue.cgi" endpoint. **Recommendations** For Cellinx NVT Web Server version 5.0.0.014, consider restricting access to the /cgi-bin/GetJsonValue.cgi component until a patch is available. As a temporary workaround, avoid using the component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-31604
5.4
2023-12-11
Unknown · Cute Http File Server · CVE-2023-50639
**Name of the Vulnerable Software and Affected Versions** CuteHttpFileServer versions 1.0 through 2.0 **Description** A Cross Site Scripting (XSS) issue allows attackers to obtain sensitive information via the file upload function on the home page. **Recommendations** For CuteHttpFileServer versions 1.0 and 2.0, consider disabling the file upload function until a patch is available. Restrict access to the home page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.