CVEbaza.plCWE DictionaryCWE-707
Common Weakness Enumeration

CWE-707

Improper Neutralization

Category: PillarCVE: 253
Description

The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.

CVE vulnerabilities with CWE-707 (253)
9.2
CVSS
CRITICAL
CVE-2024-10914

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

pub. 2024-11-06
9.2
CVSS
CRITICAL
CVE-2024-10915

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument group leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

pub. 2024-11-06
8.8
CVSS
HIGH
CVE-2023-42773

Improper neutralization in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

pub. 2024-05-16
8.8
CVSS
HIGH
CVE-2023-46689

Improper neutralization in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

pub. 2024-05-16
8.7
CVSS
HIGH
CVE-2020-11026

In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).

pub. 2020-04-30
7.8
CVSS
HIGH
CVE-2024-43572

Microsoft Management Console Remote Code Execution Vulnerability

pub. 2024-10-08🚩 CISA KEV⚡ EXPLOIT
7.8
CVSS
HIGH
CVE-2024-21864

Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.5081 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent network access.

pub. 2024-05-16
7.5
CVSS
HIGH
CVE-2023-6123

Improper Neutralization vulnerability affects OpenText ALM Octane version 16.2.100 and above. The vulnerability could result in a remote code execution attack.

pub. 2024-02-15
7.5
CVSS
HIGH
CVE-2019-10052

An issue was discovered in Suricata 4.1.3. If the network packet does not have the right length, the parser tries to access a part of a DHCP packet. At this point, the Rust environment runs into a panic in parse_clientid_option in the dhcp/parser.rs file.

pub. 2019-08-28
7.5
CVSS
HIGH
CVE-2018-3918

An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync' operation, leading to arbitrary deletion of cameras. An attacker can send an HTTP request to trigger this vulnerability.

pub. 2018-08-27
7.3
CVSS
HIGH
CVE-2022-4088

A vulnerability was found in rickxy Stock Management System and classified as critical. Affected by this issue is some unknown functionality of the file /pages/processlogin.php. The manipulation of the argument user/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214322 is the identifier assigned to this vulnerability.

pub. 2022-11-24
7.3
CVSS
HIGH
CVE-2022-3972

A vulnerability was found in Pingkon HMS-PHP. It has been rated as critical. This issue affects some unknown processing of the file admin/adminlogin.php. The manipulation of the argument uname/pass leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213551.

pub. 2022-11-13
7.3
CVSS
HIGH
CVE-2022-3973

A vulnerability classified as critical has been found in Pingkon HMS-PHP. Affected is an unknown function of the file /admin/admin.php of the component Data Pump Metadata. The manipulation of the argument uname/pass leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213552.

pub. 2022-11-13
7.3
CVSS
HIGH
CVE-2022-3955

A vulnerability was found in tholum crm42. It has been rated as critical. This issue affects some unknown processing of the file crm42\class\class.user.php of the component Login. The manipulation of the argument user_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213461 was assigned to this vulnerability.

pub. 2022-11-11
7.3
CVSS
HIGH
CVE-2022-3878

A vulnerability classified as critical has been found in Maxon ERP. This affects an unknown part of the file /index.php/purchase_order/browse_data. The manipulation of the argument tb_search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213039.

pub. 2022-11-07
7.3
CVSS
HIGH
CVE-2022-3583

A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument business leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-211192.

pub. 2022-10-18
7.3
CVSS
HIGH
CVE-2022-3495

A vulnerability has been found in SourceCodester Simple Online Public Access Catalog 1.0 and classified as critical. This vulnerability affects unknown code of the file /opac/Actions.php?a=login of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210784.

pub. 2022-10-14
7.0
CVSS
HIGH
CVE-2025-26633

Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

pub. 2025-03-11🚩 CISA KEV⚡ EXPLOIT
6.9
CVSS
MEDIUM
CVE-2025-24921

Improper neutralization for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable information disclosure via adjacent access.

pub. 2025-08-12
6.9
CVSS
MEDIUM
CVE-2025-0697

A vulnerability, which was classified as problematic, was found in Telstra Smart Modem Gen 2 up to 20250115. This affects an unknown part of the component HTTP Header Handler. The manipulation of the argument Content-Disposition leads to injection. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

pub. 2025-01-24
Showing 20 of 253 vulnerabilities
Information
ID: CWE-707
Type: Pillar
Vulnerabilities: 253
MITRE CWE ↗
← CWE Dictionary