CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/bughuntar/CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/bughuntar/CVE-2024-4577
GitHub
GitHub - bughuntar/CVE-2024-4577: CVE-2024-4577 Exploits
CVE-2024-4577 Exploits. Contribute to bughuntar/CVE-2024-4577 development by creating an account on GitHub.
CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/LGenAgul/CVE-2023-4220-Proof-of-concept
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/LGenAgul/CVE-2023-4220-Proof-of-concept
GitHub
GitHub - LGenAgul/CVE-2023-4220-Proof-of-concept: Chamilo LMS Unauthenticated Big Upload File that allows remote code execution
Chamilo LMS Unauthenticated Big Upload File that allows remote code execution - LGenAgul/CVE-2023-4220-Proof-of-concept
CVE-2024-0044
In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Github link:
https://github.com/MrW0l05zyn/cve-2024-0044
In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Github link:
https://github.com/MrW0l05zyn/cve-2024-0044
GitHub
GitHub - MrW0l05zyn/cve-2024-0044: CVE-2024-0044
CVE-2024-0044. Contribute to MrW0l05zyn/cve-2024-0044 development by creating an account on GitHub.