59 matches found
CVE-2021-39172
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges User or Admin, can exploit a new line injection in the configuration edition feature e.g. mail settings and gain arbitrary code execution on the server. This issue was addresse...
CVE-2021-39173
Cachet is an open source status page system. Prior to version 2.5.1 authenticated users, regardless of their privileges User or Admin, can trick Cachet and install the instance again, leading to arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving the...
Input validation
Cachet is an open source status page system. Prior to version 2.5.1 authenticated users, regardless of their privileges User or Admin, can trick Cachet and install the instance again, leading to arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving the...
CVE-2021-39173 Forced reinstall
Cachet is an open source status page system. Prior to version 2.5.1 authenticated users, regardless of their privileges User or Admin, can trick Cachet and install the instance again, leading to arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving the...
CVE-2021-39173
CVE-2021-39173 affects Cachet (PHP-based open source status page) and describes a vulnerability where, before version 2.5.1, authenticated users could trigger a reinstall through the setup flow, potentially enabling arbitrary code execution on the server. The underlying issue stemmed from a lack ...
CVE-2021-39172 New line injection during configuration edition
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges User or Admin, can exploit a new line injection in the configuration edition feature e.g. mail settings and gain arbitrary code execution on the server. This issue was addresse...
CVE-2021-39172
Cachet (open source status page system) prior to version 2.5.1 is vulnerable to a new line injection in the configuration edition feature (e.g., mail settings) that allows authenticated users, regardless of privilege, to achieve arbitrary code execution on the server. Root cause: insertion of new...
Cachet 注入漏洞
Github Cachet is a software application. An open source status page system. Cachet suffers from an injection vulnerability that stems from the fact that prior to version 2.5.1, an authenticated user, regardless of privileges user or administrator, could inject and obtain arbitrary code execution ...
PT-2021-22431 · Cachet · Cachet
Name of the Vulnerable Software and Affected Versions: Cachet versions prior to 2.5.1 Description: Cachet is an open source status page system. Authenticated users, regardless of their privileges, can trick Cachet and install the instance again, leading to arbitrary code execution on the server...
Cachet 代码问题漏洞
Github Cachet is a software application. An open source status page system. Cachet suffers from a security vulnerability that stems from the fact that prior to version 2.5.1, authenticated users, regardless of their privileges User or Admin, could spoof Cachet and install instances again. An...
PT-2021-22432 · Cachet · Cachet
Name of the Vulnerable Software and Affected Versions: Cachet versions prior to 2.5.1 Description: Cachet is an open source status page system. Authenticated users, regardless of their privileges, can leak the value of any configuration entry of the dotenv file, e.g. the application secret APP KE...
CVE-2021-39165
Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the SearchableTraitscopeSearch. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and...
CVE-2021-39165
Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the SearchableTraitscopeSearch. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and...
Sql injection
Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the SearchableTraitscopeSearch. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and...
CVE-2021-39165 Unauthenticated SQL Injection
Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the SearchableTraitscopeSearch. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and...
CVE-2021-39165
Cachet
Github Cachet SQL注入漏洞
Github Cachet is a software application. An open source status page system. A SQL injection vulnerability exists in versions prior to Cachet 2.3.18, which can be exploited by unauthenticated attackers to steal sensitive data such as administrator passwords and sessions from the database...
Cachet Financial Reeling from MyPayrollHR Fraud
When New York-based cloud payroll provider MyPayrollHR unexpectedly shuttered its doors last month and disappeared with $26 million worth of customer payroll deposits, its payment processor Cachet Financial Services ended up funding the bank accounts of MyPayrollHR client company employees anyway...
NY Payroll Company Vanishes With $35 Million
MyPayrollHR, a now defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies. The ongoing debacle, which allegedly involves malfeasance on the part of the payroll company's CEO, resulted in...