Vulnerability Summary for the Week of November 25, 2024

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source Info
1000 Projects–Portfolio Management System MCA	A vulnerability has been found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.	2024-11-26	7.3	CVE-2024-11744
1000 Projects–Portfolio Management System MCA	A vulnerability classified as critical was found in 1000 Projects Portfolio Management System MCA 1.0. This vulnerability affects unknown code of the file /forgot_password_process.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.	2024-11-27	7.3	CVE-2024-11819
1000projects — beauty_parlour_management_system	A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit-services.php. The manipulati […] Content was cut in order to protect the source.Please visit the source for the rest of the article. This article has been indexed from Bulletins Read the original article: Vulnerability Summary for the Week of November 25, 2024 Tags: Bulletins EN Post navigation ← Follow-up on Ignite with Ask Microsoft Anything: Microsoft Security edition User Tracking: Google to Store User Data for 180 Days → Search for: Pages Advertising Contact Legal and Contact information Opt-out preferences Privacy Policy Social Media Apps Telegram Channel Recent Posts Week in review: Food sector cybersecurity risks, cyber threats to space infrastructure August 3, 2025 10 Best Dark Web Monitoring Tools in 2025 August 3, 2025 IT Security News Hourly Summary 2025-08-03 06h : 1 posts August 3, 2025 How Secure Are Your Non-Human Identities? August 3, 2025 New Linux backdoor Plague bypasses auth via malicious PAM module August 3, 2025 China Presses Nvidia Over Alleged Backdoors in H20 Chips Amid Tech Tensions August 3, 2025 BSidesSF 2025: Mapping The SaaS Attack Surface August 3, 2025 IT Security News Hourly Summary 2025-08-02 21h : 1 posts August 2, 2025 New Attack Uses Windows Shortcut Files to Install REMCOS Backdoor August 2, 2025 AI-supported Cursor IDE Falls Victim to Prompt Injection Attacks August 2, 2025 Misconfigured Firewalls Plague Enterprises, Exposing Critical Security Gaps August 2, 2025 CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign August 2, 2025 IT Security News Hourly Summary 2025-08-02 18h : 3 posts August 2, 2025 FBI Issues Urgent Warning: Millions of Android Devices Compromised by Malware Operation August 2, 2025 Luxembourg Probes Cyberattack Behind Telecom Outage, Cites “Exceptionally Sophisticated” Assault August 2, 2025 FBI Warns Chrome Users Against Unofficial Updates Downloading August 2, 2025 Ransomware Defence Begins with Fundamentals Not AI August 2, 2025 Singapore Companies Struggle to Recover from Ransomware Despite Paying Hackers August 2, 2025 New ‘Plague’ PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft August 2, 2025 IT Security News Hourly Summary 2025-08-02 15h : 1 posts August 2, 2025 Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com. Manage Consent To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions. Functional Functional Always active The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network. Preferences Preferences The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user. Statistics Statistics The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you. Marketing Marketing The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes. Manage options Manage services Manage {vendor_count} vendors Read more about these purposes View preferences {title} {title} {title}

Primary
Vendor — Product

Description

Published

CVSS Score

Source Info

1000 Projects–Portfolio Management System MCA

A vulnerability has been found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

2024-11-26

7.3

CVE-2024-11744

1000 Projects–Portfolio Management System MCA

A vulnerability classified as critical was found in 1000 Projects Portfolio Management System MCA 1.0. This vulnerability affects unknown code of the file /forgot_password_process.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

2024-11-27

7.3

CVE-2024-11819

1000projects — beauty_parlour_management_system

A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit-services.php. The manipulati

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from Bulletins

Read the original article:

Vulnerability Summary for the Week of November 25, 2024

← Follow-up on Ignite with Ask Microsoft Anything: Microsoft Security edition

User Tracking: Google to Store User Data for 180 Days →

High Vulnerabilities

Read the original article:

Post navigation