Vulnerability Summary for the Week of October 14, 2024

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info
--- | --- | --- | --- | --- | ---
Acespritech Solutions Pvt. Ltd. — Social Link Groups | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Acespritech Solutions Pvt. Ltd. Social Link Groups allows Blind SQL Injection. This issue affects Social Link Groups: from n/a through 1.1.0. | 2024-10-20 | 8.5 | CVE-2024-49619 | audit@patchstack.com
acm309 — PutongOJ | PutongOJ is online judging software. Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. This can lead to unauthorized access, enabling users to perform admin-level operations, potentially compromising sensitive data and system integrity. This problem has been fixed in v2.1.0.beta.1. As a workaround, one may apply the patch from commit `211dfe9` manually. | 2024-10-17 | 9.1 | CVE-2024-48920 |
