4 matches found
CVE-2023-0454
creationtimestamp| type| source ---|---|--- 2023-02-01 07:13:47+00:00| seen| https://t.me/cibsecurity/57235...
CVE-2023-0454
OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path...
CVE-2023-0454
OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path...
CVE-2023-0454
OrangeScrum 2.0.11 is affected by a path traversal vulnerability. An authenticated external attacker can delete arbitrary local files on the server due to an unsanitized attacker-controlled parameter used to construct internal paths. The CVE-2023-0454 entry does not specify a remediation in the p...