114 matches found
GO-2022-0570 Path Traversal in file editor on Windows in Gogs in gogs.io/gogs
Path Traversal in file editor on Windows in Gogs in gogs.io/gogs...
CVE-2023-46818
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled...
Code injection
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled...
CVE-2023-46818
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled...
CVE-2023-46818
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled...
PT-2023-30234 · Ispconfig · Ispconfig
Name of the Vulnerable Software and Affected Versions: ISPConfig versions prior to 3.2.11p1. Description: An issue was discovered that allows PHP code injection in the language file editor by an admin if admin_allow_langedit is enabled. This issue can be exploited to achieve PHP code injection...
Sql injection
In OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLE_FILESYSTEM_EDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation...
CVE-2023-40612 Authenticated XXE Injection Via The File Editor
In OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLE_FILESYSTEM_EDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation...
CVE-2023-40612
Summary of CVE-2023-40612: In OpenNMS Horizon, versions 31.0.8 and earlier than 32.0.2, the file editor is accessible to users with the ROLE_FILESYSTEM_EDITOR privilege and is vulnerable to XXE injection attacks. The root cause is an XXE processing vulnerability in the file editor component. The...
CVE-2023-40612 Authenticated XXE Injection Via The File Editor
In OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLE_FILESYSTEM_EDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation...
Path Traversal in file editor on Windows in Gogs
Impact: The malicious user is able to delete and upload arbitrary files. All installations on Windows with repository upload enabled (default) are affected. Patches: Path cleaning has accommodated for Windows. Users should upgrade to 0.12.9 or the latest 0.13.0+dev. Workarounds: N/A. References...
GHSA-994F-7G86-QR56 Path Traversal in file editor on Windows in Gogs
Impact: The malicious user is able to delete and upload arbitrary files. All installations on Windows with repository upload enabled (default) are affected. Patches: Path cleaning has accommodated for Windows. Users should upgrade to 0.12.9 or the latest 0.13.0+dev. Workarounds: N/A. References...
OS Command Injection in file editor in Gogs
Impact: The malicious user is able to update a crafted config file into repository's .git directory in combination with crafted file deletion to gain SSH access to the server. All installations with repository upload enabled (default) are affected. Patches: File deletions are prohibited to repository...
Path Traversal in file editor on Windows in Gogs
Impact: The malicious user is able to delete and upload arbitrary files. All installations on Windows with repository upload enabled (default) are affected. Patches: Path cleaning has accommodated for Windows. Users should upgrade to 0.12.9 or the latest 0.13.0+dev. Workarounds: N/A. References...
CVE-2021-32744
CVE-2021-32744 affects Collabora Online. Versions prior to 4.2.17-1 and 6.4.9-5 allow unauthenticated attackers to access files open by other users by guessing the file identifier (IDOR). The file-identifier predictability depends on external storage implementations. Patches exist in 4.2.17-1 and...
Code injection
An issue exists within the SSH console of Akkadian Provisioning Manager 4.50.02 which allows a low-level privileged user to escape the web configuration file editor and escalate privileges...
CVE-2021-24367
The WP Config File Editor WordPress plugin through 1.7.1 was affected by an Authenticated Stored Cross-Site Scripting (XSS) vulnerability...
CVE-2021-24367
CVE-2021-24367 affects the WordPress plugin WP Config File Editor up to version 1.7.1, which contains an Authenticated Stored Cross-Site Scripting (XSS) flaw. The vulnerability arises within the plugin’s admin-facing functionality; exploitation requires authentication (typically an admin). A PoC ...
WordPress Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WP Config File Editor WordPress plugin 1.7.1 and earlier versions...
WP Config File Editor <= 1.7.1 - Authenticated Stored Cross-Site Scripting (XSS)
The WP Config File Editor WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. By default, only administrator users could access the affected functionality, limiting the exploitability of the vulnerability. However, some WordPress admins may allow lesse...