164 matches found
Path Traversal
croogo/croogo is vulnerable to path traversal. The vulnerability is due to improper validation of the edit-file parameter, which allows an attacker to craft malicious file paths and read arbitrary files on the server...
CVE-2019-20789
Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies...
CVE-2019-7169
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3...
CVE-2019-7173
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4...
CVE-2019-7168
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog...
CVE-2019-7171
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8...
CVE-2024-42718
A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter...
GHSA-G5P6-3J82-XFM4 Croogo CMS has a path traversal vulnerability
A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter...
Directory Traversal
Overview croogo/croogo is an Open Source CMS built for everyone. Affected versions of this package are vulnerable to Directory Traversal via the edit-file parameter. An attacker can access arbitrary files on the server by supplying a specially crafted path. Details A Directory Traversal attack al...
EUVD-2024-55362
Croogo CMS has a path traversal vulnerability...
Croogo CMS has a path traversal vulnerability
A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter...
CVE-2024-42718
A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter...
CVE-2024-42718
A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter...
CVE-2024-42718
CVE-2024-42718 affects Croogo CMS 4.0.7 and is a path-traversal vulnerability that allows remote attackers to read arbitrary files via a crafted value in the edit-file parameter. The issue is documented across multiple feeds (Red Hat, CIRCL, OSV, NVD, etc.) with the same description. The CVE entr...
CVE-2024-42718
A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter...
CVE-2024-42718
A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter...
Croogo 安全漏洞
Croogo is Croogo open source a set of CakePHP framework based on the development of content management system CMS. The system provides content type can be customized as Blog, Node, Page, content editing using WYSIWYG editor and other features. Croogo 4.0.7 version of a security vulnerability , th...
EUVD-2015-1196
Malware in sbrugna...
EUVD-2021-1342
Malware in sbrugna...
EUVD-2022-1310
Malicious code in bioql PyPI...