Lucene search
K

59 matches found

nvd
nvd
added 2021/08/27 11:15 p.m.39 views

CVE-2021-39172

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges User or Admin, can exploit a new line injection in the configuration edition feature e.g. mail settings and gain arbitrary code execution on the server. This issue was addresse...

8.8CVSS0.29172EPSS
Exploits2References3
nvd
nvd
added 2021/08/27 11:15 p.m.35 views

CVE-2021-39173

Cachet is an open source status page system. Prior to version 2.5.1 authenticated users, regardless of their privileges User or Admin, can trick Cachet and install the instance again, leading to arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving the...

8.8CVSS0.02362EPSS
Exploits1References3
prion
prion
added 2021/08/27 11:15 p.m.20 views

Input validation

Cachet is an open source status page system. Prior to version 2.5.1 authenticated users, regardless of their privileges User or Admin, can trick Cachet and install the instance again, leading to arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving the...

6.5CVSS8.8AI score0.02362EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2021/08/27 11:0 p.m.39 views

CVE-2021-39173 Forced reinstall

Cachet is an open source status page system. Prior to version 2.5.1 authenticated users, regardless of their privileges User or Admin, can trick Cachet and install the instance again, leading to arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving the...

8.8CVSS9AI score0.02362EPSS
Exploits1References3
cve
cve
added 2021/08/27 11:0 p.m.119 views

CVE-2021-39173

CVE-2021-39173 affects Cachet (PHP-based open source status page) and describes a vulnerability where, before version 2.5.1, authenticated users could trigger a reinstall through the setup flow, potentially enabling arbitrary code execution on the server. The underlying issue stemmed from a lack ...

8.8CVSS8.8AI score0.02362EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2021/08/27 10:50 p.m.42 views

CVE-2021-39172 New line injection during configuration edition

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges User or Admin, can exploit a new line injection in the configuration edition feature e.g. mail settings and gain arbitrary code execution on the server. This issue was addresse...

8.8CVSS9.2AI score0.29172EPSS
Exploits2References3
cve
cve
added 2021/08/27 10:50 p.m.131 views

CVE-2021-39172

Cachet (open source status page system) prior to version 2.5.1 is vulnerable to a new line injection in the configuration edition feature (e.g., mail settings) that allows authenticated users, regardless of privilege, to achieve arbitrary code execution on the server. Root cause: insertion of new...

8.8CVSS9AI score0.29172EPSS
Exploits2References3Affected Software1
cnnvd
cnnvd
added 2021/08/27 12:0 a.m.8 views

Cachet 注入漏洞

Github Cachet is a software application. An open source status page system. Cachet suffers from an injection vulnerability that stems from the fact that prior to version 2.5.1, an authenticated user, regardless of privileges user or administrator, could inject and obtain arbitrary code execution ...

8.8CVSS8.6AI score0.29172EPSS
Exploits2References4
ptsecurity
ptsecurity
added 2021/08/27 12:0 a.m.9 views

PT-2021-22431 · Cachet · Cachet

Name of the Vulnerable Software and Affected Versions: Cachet versions prior to 2.5.1 Description: Cachet is an open source status page system. Authenticated users, regardless of their privileges, can trick Cachet and install the instance again, leading to arbitrary code execution on the server...

8.8CVSS8.8AI score0.02362EPSS
Exploits1References9
cnnvd
cnnvd
added 2021/08/27 12:0 a.m.3 views

Cachet 代码问题漏洞

Github Cachet is a software application. An open source status page system. Cachet suffers from a security vulnerability that stems from the fact that prior to version 2.5.1, authenticated users, regardless of their privileges User or Admin, could spoof Cachet and install instances again. An...

8.8CVSS8.1AI score0.02362EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2021/08/27 12:0 a.m.13 views

PT-2021-22432 · Cachet · Cachet

Name of the Vulnerable Software and Affected Versions: Cachet versions prior to 2.5.1 Description: Cachet is an open source status page system. Authenticated users, regardless of their privileges, can leak the value of any configuration entry of the dotenv file, e.g. the application secret APP KE...

8.8CVSS8.3AI score0.03894EPSS
Exploits2References12
osv
osv
added 2021/08/26 9:15 p.m.30 views

CVE-2021-39165

Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the SearchableTraitscopeSearch. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and...

6.5CVSS6.8AI score0.09752EPSS
Exploits2References2
nvd
nvd
added 2021/08/26 9:15 p.m.56 views

CVE-2021-39165

Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the SearchableTraitscopeSearch. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and...

8.1CVSS0.09752EPSS
Exploits2References2
prion
prion
added 2021/08/26 9:15 p.m.25 views

Sql injection

Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the SearchableTraitscopeSearch. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and...

5CVSS6.7AI score0.09752EPSS
Exploits2References2Affected Software1
cvelist
cvelist
added 2021/08/26 8:25 p.m.54 views

CVE-2021-39165 Unauthenticated SQL Injection

Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the SearchableTraitscopeSearch. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and...

8.1CVSS8.6AI score0.09752EPSS
Exploits2References2
cve
cve
added 2021/08/26 8:25 p.m.158 views

CVE-2021-39165

Cachet

8.1CVSS7AI score0.09752EPSS
Exploits2References2Affected Software1
cnnvd
cnnvd
added 2021/08/26 12:0 a.m.6 views

Github Cachet SQL注入漏洞

Github Cachet is a software application. An open source status page system. A SQL injection vulnerability exists in versions prior to Cachet 2.3.18, which can be exploited by unauthenticated attackers to steal sensitive data such as administrator passwords and sessions from the database...

8.1CVSS7.3AI score0.09752EPSS
Exploits2References2
krebs
krebs
added 2019/10/25 12:50 a.m.51 views

Cachet Financial Reeling from MyPayrollHR Fraud

When New York-based cloud payroll provider MyPayrollHR unexpectedly shuttered its doors last month and disappeared with $26 million worth of customer payroll deposits, its payment processor Cachet Financial Services ended up funding the bank accounts of MyPayrollHR client company employees anyway...

6.9AI score
Exploits0
krebs
krebs
added 2019/09/11 3:2 p.m.134 views

NY Payroll Company Vanishes With $35 Million

MyPayrollHR, a now defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies. The ongoing debacle, which allegedly involves malfeasance on the part of the payroll company's CEO, resulted in...

6.9AI score
Exploits0
Rows per page
Query Builder