{"vulnerability": "cve-2024-1094", "sightings": [{"uuid": "8b4fe916-8498-448d-b383-8f60a1898917", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10943", "type": "seen", "source": "https://t.me/cvedetector/10673", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10943 - Apache Banking Impersonation Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-10943 \nPublished : Nov. 12, 2024, 5:15 p.m. | 33\u00a0minutes ago \nDescription : An  \nauthentication bypass vulnerability exists in the affected product. The  \nvulnerability exists due to shared secrets across accounts and could allow a threat  \nactor to impersonate a user if the threat actor is able to enumerate additional  \ninformation required during authentication. \nSeverity: 9.1 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T18:53:59.000000Z"}, {"uuid": "08f2eb7e-d679-4f2f-802f-25200a6e6da5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10946", "type": "seen", "source": "https://t.me/cvedetector/10056", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10946 - Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10946 \nPublished : Nov. 7, 2024, 4:15 a.m. | 38\u00a0minutes ago \nDescription : A vulnerability classified as critical has been found in Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System up to 2.0.1. This affects an unknown part of the file /interlib/admin/SysLib?cmdACT=inputLIBCODE&mod=batchXSL&xsl=editLIBCODE.xsl&libcodes=&ROWID=. The manipulation of the argument sql leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 4.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-07T06:03:03.000000Z"}, {"uuid": "3152fb39-7409-4043-85cc-ed8e6382113c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10941", "type": "seen", "source": "https://t.me/cvedetector/10044", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10941 - Firefox Malformed URI Browser Crash Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10941 \nPublished : Nov. 6, 2024, 9:15 p.m. | 40\u00a0minutes ago \nDescription : A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-06T23:21:33.000000Z"}, {"uuid": "7be6b886-40df-48c5-b1ce-a68cfed6d00f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10947", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113439566425368694", "content": "", "creation_timestamp": "2024-11-07T03:33:35.901547Z"}, {"uuid": "d06f9d30-1f15-4c7b-9de7-2951ccf61705", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10946", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113439566410801452", "content": "", "creation_timestamp": "2024-11-07T03:33:35.713621Z"}, {"uuid": "231ef28c-f73a-470f-a3c8-f12b82ffd025", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10942", "type": "seen", "source": "https://t.me/cvedetector/20211", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10942 - All-in-One WP Migration and Backup PHP Object Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10942 \nPublished : March 13, 2025, 1:15 p.m. | 40\u00a0minutes ago \nDescription : The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the 'replace_serialized_values' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must export and restore a backup in order to trigger the exploit. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-13T15:37:06.000000Z"}, {"uuid": "c6162079-6842-4f29-93aa-3e1b67554bb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10941", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113437853827357341", "content": "", "creation_timestamp": "2024-11-06T20:18:03.673788Z"}, {"uuid": "420907f8-7c2f-49b8-9ded-eada9a780a8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10944", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-14", "content": "", "creation_timestamp": "2024-11-14T12:00:00.000000Z"}, {"uuid": "5e8c9ddb-284d-40ee-9088-e47829ed3128", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10943", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-14", "content": "", "creation_timestamp": "2024-11-14T12:00:00.000000Z"}, {"uuid": "f200f50c-82fa-419d-b841-540589d1344e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10945", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-14", "content": "", "creation_timestamp": "2024-11-14T12:00:00.000000Z"}, {"uuid": "6bb80b62-2f68-4e09-baf1-486758b72a5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10942", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7480", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10942\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the 'replace_serialized_values' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must export and restore a backup in order to trigger the exploit.\n\ud83d\udccf Published: 2025-03-13T12:42:25.774Z\n\ud83d\udccf Modified: 2025-03-13T19:31:16.758Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/0823d1d9-4f3b-4ac0-8cd1-ad208ebc325f?source=cve\n2. https://plugins.trac.wordpress.org/browser/all-in-one-wp-migration/trunk/lib/vendor/servmask/database/class-ai1wm-database-utility.php#L97\n3. https://plugins.trac.wordpress.org/changeset/3253940/", "creation_timestamp": "2025-03-13T19:42:40.000000Z"}, {"uuid": "754d3d37-d7c9-4cdf-9622-520d7533c314", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10944", "type": "seen", "source": "https://t.me/cvedetector/10674", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10944 - Vulnerable Product Agent Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-10944 \nPublished : Nov. 12, 2024, 5:15 p.m. | 33\u00a0minutes ago \nDescription : A Remote  \nCode Execution vulnerability exists in the affected product. The vulnerability requires  \na high level of permissions and exists due to improper input validation resulting  \nin the possibility of a malicious Updated Agent being deployed. \nSeverity: 8.4 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T18:54:01.000000Z"}, {"uuid": "09722e77-1edc-478f-9279-fcc89c30a24d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10947", "type": "seen", "source": "https://t.me/cvedetector/10055", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10947 - Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10947 \nPublished : Nov. 7, 2024, 4:15 a.m. | 38\u00a0minutes ago \nDescription : A vulnerability classified as critical was found in Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System up to 2.0.1. This vulnerability affects unknown code of the file /interlib/order/BatchOrder?cmdACT=admin_order&xsl=adminOrder_OrderList.xsl. The manipulation of the argument bookrecno leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 4.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-07T06:03:03.000000Z"}, {"uuid": "6d8a3d70-d8bb-4541-a9a4-6fa40b6160a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10943", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113471054051069316", "content": "", "creation_timestamp": "2024-11-12T17:01:18.921237Z"}, {"uuid": "bac43262-e9e3-490c-9aa8-211aed6f5e04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10945", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113471093683272747", "content": "", "creation_timestamp": "2024-11-12T17:11:24.206169Z"}, {"uuid": "298bb501-09f4-4de7-a07d-76375e7d0ff1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10944", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113471093668002487", "content": "", "creation_timestamp": "2024-11-12T17:11:24.390085Z"}]}