PoC Week 2024-06-30

Posted on Jun 30, 2024

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-5806

CVE-2024-28397

CVE-2024-6028

  • Severity: Awaiting analysis
  • Impacted Products: Quiz Maker plugin for WordPress in all versions up to, and including, 6.5.8.3.
  • Description: The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘ays_questions’ parameter due to insufficient escaping of the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries to already existing queries, which can be used to extract sensitive information from the database.
  • Remediation: Follow developer guidance.
  • More Info: CVE-2024-6028
  • PoC: https://github.com/truonghuuphuc/CVE-2024-6028-Poc

CVE-2024-28995

  • Severity: Awaiting analysis
  • Impacted Products: SolarWinds Serv-U 15.4.2 HF1 and earlier.
  • Description: SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow access to read sensitive files on the host machine.
  • Remediation: Follow developer guidance.
  • More Info: CVE-2024-28995
  • PoC: https://github.com/krypton-kry/CVE-2024-28995/

CVE-2024-27815

  • Severity: Awaiting analysis
  • Impacted Products: Apple OSs prior to tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5.
  • Description: An out-of-bounds write issue was addressed with improved input validation. An app may be able to execute arbitrary code with kernel privileges.
  • Remediation: Follow developer guidance.
  • More Info: CVE-2024-27815
  • PoC: https://github.com/jprx/CVE-2024-27815/

CVE-2024-4577

  • Severity: 9.8 CRITICAL
  • Impacted Products: PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages.
  • Description: Windows may use “Best-Fit” behavior to replace characters in the command line given to Win32 API functions. The PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to the PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
  • Remediation: Follow developer guidance.
  • More Info: CVE-2024-4577
  • PoC: https://github.com/watchtowrlabs/CVE-2024-4577/

References

This list was scraped from the quite amazing and highly recommended newsletters below:

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.