Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-29197

Published: 26/03/2024 Updated: 26/03/2024

Vulnerability Summary

Pimcore is an Open Source Data & Experience Management Platform. Any call with the query argument `?pimcore_preview=true` allows to view unpublished sites. In previous versions of Pimcore, session information would propagate to previews, so only a logged in user could open a preview. This no longer applies. Previews are broad open to any user and with just the hint of a restricted link one could gain access to possible confident / unreleased information. This vulnerability is fixed in 11.2.2 and 11.1.6.1.

Github Repositories

https://github.com/mansploit/CVE-2024-29197-exploit

TENDA ROUTER AC10 - RCE (full research)

CVE-2024-29197-exploit TENDA ROUTER AC10 - RCE (full research) Vulnerability description: I found an Arbitrary Command Execution vulnerability in the router's web server-- /bin/httpd of squashfs filesystem While processing the mac parameters for a post request(when an attacker accesses ip/goform/WriteFacMac), the value is directly passed to doSystem, which causes a RCE T

References

https://github.com/pimcore/pimcore/security/advisories/GHSA-5737-rqv4-v445https://github.com/pimcore/pimcore/commit/3ae43fb1065f9eb62ad2f542b883858d36d57e53https://nvd.nist.govhttps://github.com/mansploit/CVE-2024-29197-exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook