64 matches found
CVE-2026-55417
Chevereto is a self-hosted media-sharing platform. Starting in version 3.7.5 and prior to version 4.5.4, when a user enables the private profile option, visiting their profile HTML route /username correctly returns 404. However, the /json AJAX listing endpoint does not apply the same check. An...
CVE-2026-55417
Chevereto is a self-hosted media-sharing platform. Starting in version 3.7.5 and prior to version 4.5.4, when a user enables the private profile option, visiting their profile HTML route /username correctly returns 404. However, the /json AJAX listing endpoint does not apply the same check. An...
CVE-2026-55417
Chevereto (self-hosted media sharing) is affected in versions 3.7.5 up to before 4.5.4. The issue is that when a user enables private profile, the HTML route (/username) correctly returns 404, but the /json AJAX listing endpoint does not apply the same privacy check. An unauthenticated caller who...
CVE-2026-55417 Chevereto private profile setting leaks username on /json endpoint
Chevereto is a self-hosted media-sharing platform. Starting in version 3.7.5 and prior to version 4.5.4, when a user enables the private profile option, visiting their profile HTML route /username correctly returns 404. However, the /json AJAX listing endpoint does not apply the same check. An...
CVE-2026-55417 Chevereto private profile setting leaks username on /json endpoint
Chevereto is a self-hosted media-sharing platform. Starting in version 3.7.5 and prior to version 4.5.4, when a user enables the private profile option, visiting their profile HTML route /username correctly returns 404. However, the /json AJAX listing endpoint does not apply the same check. An...
PT-2026-56237
Name of the Vulnerable Software and Affected Versions Chevereto versions 3.7.5 through 4.5.3 Description An issue exists in the self-hosted media-sharing platform where the /json AJAX listing endpoint fails to enforce private profile restrictions. While the profile HTML route /username correctly...
CVE-2020-37186
Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. Attackers can manipulate the database table prefix parameter to write a PHP shell file and execute arbitrary system commands through a...
CVE-2020-37186
CVE-2020-37186 affects Chevereto 3.13.4 Core. The vulnerability arises in the database configuration installation where the database table prefix parameter can be manipulated to write a PHP shell file and execute arbitrary system commands via a crafted POST request. Impact is high: remote code ex...
CVE-2020-37186
Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. Attackers can manipulate the database table prefix parameter to write a PHP shell file and execute arbitrary system commands through a...
CVE-2020-37186 Chevereto 3.13.4 Core - Remote Code Execution
Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. Attackers can manipulate the database table prefix parameter to write a PHP shell file and execute arbitrary system commands through a...
CVE-2020-37186 Chevereto 3.13.4 Core - Remote Code Execution
Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. Attackers can manipulate the database table prefix parameter to write a PHP shell file and execute arbitrary system commands through a...
PT-2026-7684
Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. Attackers can manipulate the database table prefix parameter to write a PHP shell file and execute arbitrary system commands through a...
Chevereto 代码注入漏洞
Chevereto is a graph-based program. The Chevereto 3.13.4 Core version has a code injection vulnerability, which stems from improper handling of database table prefix parameters. This vulnerability may lead to remote code execution...
CVE-2021-31721
Chevereto before 3.17.1 allows Cross Site Scripting XSS via an image title at the image upload stage...
EUVD-2012-2898
Malware in sbrugna...
EUVD-2018-4014
Malware in sbrugna...
EUVD-2017-1378
Malware in sbrugna...
EUVD-2012-2899
Malware in sbrugna...
EUVD-2021-18605
Malware in sbrugna...
Chevereto CMS 3.7.0 SQL Injection
==================================================================================================================================== | Title : Chevereto CMS V3.7.0 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit...