CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure that account...

8.8CVSS7.3AI score0.00284EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 4:46 p.m.•5 views

CVE-2020-6948

A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password...

9.8CVSS7.8AI score0.03282EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 3:39 p.m.•4 views

CVE-2020-5840

An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field...

7.5CVSS6.7AI score0.00469EPSS

Exploits0References1

OSV•added 2022/05/24 5:6 p.m.•12 views

GHSA-4GJV-5JJP-RCGH HashBrown CMS RCE

9.8CVSS9.8AI score0.03282EPSS

Exploits1References4

OSV•added 2022/05/24 5:5 p.m.•15 views

GHSA-Q7HX-MRV5-6MRP HashBrown CMS Directory Traversal

An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field...

7.5CVSS7.3AI score0.00469EPSS

Exploits0References5

Github Security Blog•added 2022/05/24 5:5 p.m.•14 views

HashBrown CMS Directory Traversal

An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field...

7.5CVSS6.7AI score0.00469EPSS

Exploits0References5Affected Software1

CNVD•added 2020/01/14 12:0 a.m.•0 views

HashBrown CMS Remote Code Execution Vulnerability

HashBrown CMS is an open source headless content management system CMS. HashBrown CMS suffers from a remote code execution vulnerability that stems from the program not performing proper security checks. An attacker could exploit the vulnerability to execute code...

9.8CVSS8.2AI score0.03282EPSS

Exploits1References1

OSV•added 2020/01/13 7:15 p.m.•13 views

CVE-2020-6949

8.8CVSS7.3AI score

Exploits0References1

OSV•added 2020/01/13 7:15 p.m.•14 views

CVE-2020-6948

9.8CVSS7.8AI score

Exploits0References1

NVD•added 2020/01/13 7:15 p.m.•9 views

CVE-2020-6948

9.8CVSS9.8AI score0.03282EPSS

Exploits1References1

NVD•added 2020/01/13 7:15 p.m.•9 views

CVE-2020-6949

8.8CVSS9AI score0.00284EPSS

Exploits1References1

Prion•added 2020/01/13 7:15 p.m.•14 views

Privilege escalation

6.5CVSS8.9AI score0.00284EPSS

Exploits1References1Affected Software1

Prion•added 2020/01/13 7:15 p.m.•12 views

Remote code execution

7.5CVSS9.7AI score0.03282EPSS

Exploits1References1Affected Software1

CVE•added 2020/01/13 6:58 p.m.•56 views

CVE-2020-6948

Summary (CVE-2020-6948): HashBrown CMS up to version 1.3.3 contains a remote code execution flaw in the deployer code path. Specifically, Server/Entity/Deployer/GitDeployer.js uses Service.AppService.exec in a way that mishandles URL, repository, username, and password. The vulnerability is docum...

9.8CVSS9.7AI score0.03282EPSS

Exploits1References1Affected Software1

Cvelist•added 2020/01/13 6:58 p.m.•14 views

CVE-2020-6948

9.8AI score0.03282EPSS

Exploits1References1

CVE•added 2020/01/13 6:58 p.m.•60 views

CVE-2020-6949

HashBrown CMS up to version 1.3.3 contains a privilege-escalation flaw in the postUser function. An editor user can modify the password hash of an admin account or reconfigure that account, enabling lateral/admin access. The vulnerability is described across multiple sources (HashBrown CMS ecosys...

8.8CVSS8.9AI score0.00284EPSS

Exploits1References1Affected Software1

Cvelist•added 2020/01/13 6:58 p.m.•13 views

CVE-2020-6949

9AI score0.00284EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by