Weekly Vulnerabilities Reports > December 30, 2024 to January 5, 2025
Overview
101 new vulnerabilities were reported during this period, including 23 critical vulnerabilities and 34 high severity vulnerabilities. This weekly summary reports vulnerabilities in 42 products from 30 vendors including Phpgurukul, Code Projects, Ashlar, Campcodes, and Wangl1989. The vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Out-of-bounds Write", "Missing Authorization", and "Cross-Site Request Forgery (CSRF)".
- 87 reported vulnerabilities are remotely exploitable.
- 58 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 52 reported vulnerabilities are exploitable by an anonymous user.
- Phpgurukul has the most reported vulnerabilities, with 11 reported vulnerabilities.
- Code Projects has the most reported critical vulnerabilities, with 6 reported vulnerabilities.
Vulnerability Details
The following table lists the reported vulnerabilities for the period covered by this report:
23 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2025-01-04 | CVE-2024-12583 | | The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. | 9.9 |
2025-01-05 | CVE-2025-0233 | Codezips | SQL Injection vulnerability in Codezips Project Management System 1.0. A vulnerability was found in Codezips Project Management System 1.0. | 9.8 |
2025-01-05 | CVE-2025-0230 | Fabianros | SQL Injection vulnerability in Fabianros Responsive Hotel Site 1.0. A vulnerability, which was classified as critical, was found in code-projects Responsive Hotel Site 1.0. | 9.8 |
2025-01-05 | CVE-2025-0229 | Fabianros | SQL Injection vulnerability in Fabianros Travel Management System 1.0. A vulnerability, which was classified as critical, has been found in code-projects Travel Management System 1.0. | 9.8 |
2025-01-05 | CVE-2024-13136 | Wangl1989 | Deserialization of Untrusted Data vulnerability in Wangl1989 Mysiteforme 1.0. A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. | 9.8 |
2025-01-04 | CVE-2025-0213 | Campcodes | Unrestricted Upload of File with Dangerous Type vulnerability in Campcodes Project Management System 1.0. A vulnerability was found in Campcodes Project Management System 1.0. | 9.8 |
2025-01-04 | CVE-2025-0212 | Campcodes | SQL Injection vulnerability in Campcodes Student Grading System 1.0. A vulnerability was found in Campcodes Student Grading System 1.0. | 9.8 |
2025-01-04 | CVE-2025-0211 | Campcodes | Unspecified vulnerability in Campcodes School Faculty Scheduling System 1.0. A vulnerability was found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. | 9.8 |
2025-01-04 | CVE-2025-0210 | Campcodes | SQL Injection vulnerability in Campcodes School Faculty Scheduling System 1.0. A vulnerability has been found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. | 9.8 |
2025-01-04 | CVE-2025-0207 | Code Projects | SQL Injection vulnerability in Code-Projects Online Shoe Store 1.0. A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. | 9.8 |
2025-01-04 | CVE-2025-0208 | Code Projects | SQL Injection vulnerability in Code-Projects Online Shoe Store 1.0. A vulnerability, which was classified as critical, was found in code-projects Online Shoe Store 1.0. | 9.8 |
2025-01-04 | CVE-2025-0205 | Code Projects | SQL Injection vulnerability in Code-Projects Online Shoe Store 1.0. A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0. | 9.8 |
2025-01-04 | CVE-2025-0204 | Code Projects | SQL Injection vulnerability in Code-Projects Online Shoe Store 1.0. A vulnerability was found in code-projects Online Shoe Store 1.0. | 9.8 |
2025-01-04 | CVE-2025-0203 | Code Projects | SQL Injection vulnerability in Code-Projects Student Management System 1.0. A vulnerability was found in code-projects Student Management System 1.0. | 9.8 |
2025-01-02 | CVE-2023-47188 | Presstigers | Missing Authorization vulnerability in Presstigers Simple JOB Board. Missing Authorization vulnerability in PressTigers Simple Job Board allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Job Board: from n/a through 2.10.5. | 9.8 |
2024-12-31 | CVE-2024-13085 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Land Record System 1.0. A vulnerability, which was classified as critical, has been found in PHPGurukul Land Record System 1.0. | 9.8 |
2024-12-31 | CVE-2024-13084 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Land Record System 1.0. A vulnerability classified as critical was found in PHPGurukul Land Record System 1.0. | 9.8 |
2024-12-31 | CVE-2024-13072 | 1000Projects | SQL Injection vulnerability in 1000Projects Beauty Parlour Management System 1.0. A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. | 9.8 |
2024-12-30 | CVE-2024-56801 | Infotel | SQL Injection vulnerability in Infotel Tasklists. Tasklists provides plugin tasklists for GLPI. | 9.8 |
2024-12-30 | CVE-2024-13037 | 1000Projects | SQL Injection vulnerability in 1000Projects Attendance Tracking Management System 1.0. A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. | 9.8 |
2024-12-30 | CVE-2024-13035 | Code Projects | SQL Injection vulnerability in Code-Projects Chat System 1.0. A vulnerability has been found in code-projects Chat System 1.0 and classified as critical. | 9.8 |
2024-12-31 | CVE-2024-12108 | Progress | Authentication Bypass by Spoofing vulnerability in Progress Whatsup Gold. In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API. | 9.6 |
2024-12-30 | CVE-2024-22063 | ZTE | Improper Neutralization of Formula Elements in a CSV File vulnerability in ZTE Zenic ONE R58. The ZENIC ONE R58 products by ZTE Corporation have a command injection vulnerability. | 9.0 |
34 High Vulnerabilities
44 Medium Vulnerabilities
0 Low Vulnerabilities